Severity: 7.2 HIGH
EPSS: 0.1% (top 71.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 21; latest update May 13

Description

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: gitlab/gitlab_community_and_enterprise_editions: 10.2.0 - 10.2.5 (fixed in 10.2.6), 10.3.0 - 10.3.3 (fixed in 10.3.4), 8.10.6 - 10.1.5 (fixed in 10.1.6), +2 more
NVD: gitlab/gitlab: 8.0.0, 9.5.10, +3 more

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-fwr7-9543-4584: Gitlab Enterprise Edition version 10... (2022-05-13)
OSV: CVE-2017-0925: Gitlab Enterprise Edition version 10... (2018-03-21)
CVEList: CVE-2017-0925: Gitlab Enterprise Edition version 10... (2018-03-21)

📋 Vendor Advisories (2)

GitLab: CVE-2017-0925: Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint (2018-03-21)
Debian: CVE-2017-0925: gitlab - Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently prot... (2017)
CVE-2017-0925 (HIGH CVSS 7.2) | Gitlab Enterprise Edition version 1 | cvebase.io