PT-2017-10683 · Gitlab · Gitlab

Published: 2017-03-28 · Updated: 2019-10-09 · CVE-2017-0882

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

GitLab versions prior to 8.15.8
GitLab versions prior to 8.16.7
GitLab versions prior to 8.17.4

Description

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.

Recommendations

For versions prior to 8.15.8, update to version 8.15.8 or later.
For versions prior to 8.16.7, update to version 8.16.7 or later.
For versions prior to 8.17.4, update to version 8.17.4 or later.

Exploit

Fix

IDOR

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2017-0882

Affected Products

Gitlab