Severity
7.5 HIGH
EPSS
0.1%
top 76.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 21
Latest update: May 13

Description

Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: gitlab/gitlab_community_and_enterprise_editions: 10.2.0 - 10.2.5 (fixed in 10.2.6), 10.3.0 - 10.3.3 (fixed in 10.3.4), 9.1.0 - 10.1.5 (fixed in 10.1.6) +2
NVD: gitlab/gitlab: 9.1.0, 9.5.10 +3

🔴 Vulnerability Details

2
GHSA
GHSA-rw3m-264q-5gp2: Gitlab Enterprise Edition version 10 (2022-05-13)
CVEList
CVE-2017-0922: Gitlab Enterprise Edition version 10 (2018-03-21)

📋 Vendor Advisories

2
GitLab
CVE-2017-0922: Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in (2018-03-21)
Debian
CVE-2017-0922: gitlab - Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass ... (2017)