cbcvebase.
CVE-2017-0925
published 2018-03-21

High, 7.2 (CVSS 3.0)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | gitlab | < gitlab 10.5.5+dfsg-1 (sid) | gitlab 10.5.5+dfsg-1 (sid) |
| gitlab | gitlab | | |
| gitlab | gitlab | 10.0.0 – 10.1.5 | |
| gitlab | gitlab | 10.2.0 – 10.2.5 | |
| gitlab | gitlab | 10.3.0 – 10.3.3 | |
| gitlab | gitlab | 8.0.0 – 9.5.10 | |
| gitlab | gitlab_community_and_enterprise_editions | | |
| gitlab | gitlab_community_and_enterprise_editions | | |
| gitlab | gitlab_community_and_enterprise_editions | | |

CVSS provenance

nvd: v3.0, 7.2 HIGH, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv: 7.2 HIGH