PT-2018-5153 · Gitlab · Gitlab Ce/Ee+1

Published: 2018-03-18 · Updated: 2019-10-09 · CVE-2017-0926

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GitLab Community Edition version 10.3

Description: An improper authorization problem in the OAuth sign-in component can result in unauthorized user login, which allows unauthorized access to the system.

Recommendations: For GitLab Community Edition version 10.3, consider disabling the OAuth sign-in component until a patch is available, to prevent unauthorized user login. Restrict access to sensitive areas of the system to minimize the risk of exploitation.

Exploit

Fix

Improper Authorization

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2017-0926
DSA-4145-1

Affected Products

Gitlab
Gitlab Ce/Ee