CVE-2017-0919
published 2018-07-03
Priority P3 · 36 · high · 7.5 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS 1.08% · 61.1th percentile
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 10.5.5+dfsg-1 (sid) | gitlab 10.5.5+dfsg-1 (sid) |
| gitlab | gitlab | < 10.1.6 | 10.1.6 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.2.0 < 10.2.6 | 10.2.6 |
| gitlab | gitlab | >= 10.3.0 < 10.3.4 | 10.3.4 |
CVSS provenance
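| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |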
GHSA
GHSA-q9g2-gp7g-r5fj: GitLab Community and Enterprise Editions before 10
ghsa_unreviewed·2022-05-14
CVE-2017-0919 [HIGH] CWE-306 GHSA-q9g2-gp7g-r5fj: GitLab Community and Enterprise Editions before 10
OSV
CVE-2017-0919: GitLab Community and Enterprise Editions before 10
osv·2018-07-03·CVSS 7.5
CVE-2017-0919 [HIGH] CVE-2017-0919: GitLab Community and Enterprise Editions before 10
GitLab
CVE-2017-0919: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import compon
vendor_gitlab·2018-07-03·CVSS 7.5
CVE-2017-0919 [HIGH] CWE-306 CVE-2017-0919: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import compon
Debian
CVE-2017-0919: gitlab - GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are v...
vendor_debian·2017·CVSS 7.5
CVE-2017-0919 [HIGH] CVE-2017-0919: gitlab - GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are v...
Scope: local
sid: resolved (fixed in 10.5.5+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-07-03