PT-2017-14967 · Gitlab · Gitlab+1
Published
2017-12-17
·
Updated
2018-01-04
·
CVE-2017-17716
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab versions 9.4.0 through 9.4.1
Description
The issue is related to the use of the omniauth-ldap library and the gitlab omniauth-ldap gem, where GitLab does not support LDAP SSL certificate verification. This occurred due to unmerged code.
Recommendations
For GitLab versions 9.4.0 through 9.4.1, update to version 9.4.2 or later to resolve the issue.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Omniauth-Ldap