CVE-2017-0921
Published: 2018-07-03
CVE-2017-0921: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController…
Priority: P339 | Severity: high | CVSS 3.0 base score: 8.1
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.07% (60.7th percentile)
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 10.7.7+dfsg-2 (sid) | gitlab 10.7.7+dfsg-2 (sid) |
| gitlab | gitlab | < 10.1.6 | 10.1.6 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 10.2.0 < 10.2.6 | 10.2.6 |
| gitlab | gitlab | >= 10.3.0 < 10.3.4 | 10.3.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
Source records
| Source | Identifier | Date | Severity | CWE | Notes |
|---|---|---|---|---|---|
| GHSA (ghsa_unreviewed) | GHSA-r86w-x85m-w6rj | 2022-05-14 | HIGH | CWE-640 | — |
| OSV (osv) | CVE-2017-0921 | 2018-07-03 | HIGH, CVSS 8.1 | — | — |
| GitLab (vendor_gitlab) | CVE-2017-0921 | 2018-07-03 | HIGH, CVSS 8.1 | CWE-640 | — |
| Debian (vendor_debian) | CVE-2017-0921 (package: gitlab) | 2017 | HIGH, CVSS 8.1 | — | Scope: local; sid: resolved (fixed in 10.7.7+dfsg-2) |
All four sources carry the same description as the summary above: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.