PT-2018-5153 · Gitlab · Gitlab Ce/Ee+1

Published: 2018-03-18 · Updated: 2019-10-09 · CVE-2017-0926

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gitlab Community Edition version 10.3

Description

The issue is an improper authorization problem in the OAuth sign-in component, which can result in unauthorized user login. This allows unauthorized access to the system.

Recommendations

For Gitlab Community Edition version 10.3, consider disabling the OAuth sign-in component until a patch is available to prevent unauthorized user login. Restrict access to sensitive areas of the system to minimize the risk of exploitation.

Exploit

Fix

Improper Authorization

Incorrect Authorization

Weakness Enumeration

Related identifiers

CVE-2017-0926
DSA-4145-1

Affected products

Gitlab
Gitlab Ce/Ee