CVE-2017-0919
published 2018-07-03


Priority: P3
CVSS 3.0: 7.5 (High), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.08% (percentile 61.1)
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

Affected (5 ranges)

Vendor         Product  Version range            Fixed in
debian         gitlab   < 10.5.5+dfsg-1 (sid)    gitlab 10.5.5+dfsg-1 (sid)
gitlab         gitlab   < 10.1.6                 10.1.6
gitlab         gitlab   (not listed)             (not listed)
gitlab         gitlab   >= 10.2.0, < 10.2.6      10.2.6
gitlab         gitlab   >= 10.3.0, < 10.3.4      10.3.4
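The three upstream ranges are independent backport lines, so a version such as 10.2.5 is affected even though it is newer than the 10.1.6 fix, and 10.4.0 falls in none of them; Debian's sid package only carried the fix from 10.5.5+dfsg-1. The check below encodes exactly the ranges in the table and nothing else. It is an added example, not code from the page or from GitLab; the `AFFECTED_RANGES` layout, the function names and the sample inventory are this example's own constructions.

```python
"""Check a GitLab version against the affected ranges listed above for
CVE-2017-0919. Added example: the ranges are the page's, the code is not GitLab's."""
import re
from typing import Optional

# Ranges from the Affected table: (low inclusive or None, high exclusive).
# Upstream GitLab backported the fix to three release lines; Debian sid only
# picked it up with the 10.5.5+dfsg-1 package, so its single range is wider.
AFFECTED_RANGES = {
    "gitlab": [(None, "10.1.6"), ("10.2.0", "10.2.6"), ("10.3.0", "10.3.4")],
    "debian": [(None, "10.5.5+dfsg-1 (sid)")],
}


def parse_version(text: str) -> tuple:
    """'10.2.5-ee', 'v10.2.5' or '10.5.5+dfsg-1 (sid)' -> (10, 2, 5).
    Edition and packaging suffixes are ignored for the comparison."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def fixed_version_for(version: str, vendor: str = "gitlab") -> Optional[str]:
    """Return the fixed release of the first range that covers `version`,
    or None if the version is outside every affected range for that vendor."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES[vendor]:
        above_low = low is None or parse_version(low) <= v
        if above_low and v < parse_version(high):
            return high
    return None


def is_affected(version: str, vendor: str = "gitlab") -> bool:
    return fixed_version_for(version, vendor) is not None


if __name__ == "__main__":
    # Constructed sample inventory of (host, reported version) pairs.
    inventory = [("git-a", "10.1.5"), ("git-b", "10.2.5-ee"), ("git-c", "10.3.4"),
                 ("git-d", "10.4.0"), ("git-e", "9.5.10")]
    for host, ver in inventory:
        fix = fixed_version_for(ver)
        print(f"{host:6} {ver:10} {'AFFECTED, upgrade to ' + fix if fix else 'not in range'}")
```

Pass `vendor="debian"` for hosts running the Debian package: 10.4.0 from sid is reported as affected, while the same upstream version is not, because the table lists different fixed versions for the two sources.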

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.0     7.5    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd            v2.0     5.0    MEDIUM    AV:N/AC:L/Au:N/C:N/I:P/A:N
osv            -        7.5    HIGH      -
vendor_debian  -        7.5    HIGH      -