CVE-2017-0920
published 2018-03-22
medium 4.3 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component that allows an attacker to see every project name and its respective namespace on a GitLab instance.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 10.5.5+dfsg-1 (sid) | gitlab 10.5.5+dfsg-1 (sid) |
| gitlab | gitlab | <= 10.1.5 | — |
| gitlab | gitlab | <= 10.2.5 | — |
| gitlab | gitlab | <= 10.3.3 | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | 10.2.0 – 10.2.5 | — |
| gitlab | gitlab | 10.3.0 – 10.3.3 | — |
| gitlab | gitlab | 8.8.0 – 10.1.5 | — |
| gitlab | gitlab_community_and_enterprise_editions | — | — |