CVE-2017-0926: Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

high8.8CVSS 3.0

AVNACLPRLUINSUCHIHAH

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	gitlab	< gitlab 10.5.5+dfsg-1 (sid)	gitlab 10.5.5+dfsg-1 (sid)
gitlab	gitlab	—	—
gitlab	gitlab	10.0.0 – 10.1.5	—
gitlab	gitlab	10.2.0 – 10.2.5	—
gitlab	gitlab	10.3.0 – 10.3.3	—
gitlab	gitlab	8.8.0 – 9.5.10	—
gitlab	gitlab_community_and_enterprise_editions	—	—
gitlab	gitlab_community_and_enterprise_editions	—	—
gitlab	gitlab_community_and_enterprise_editions	—	—
gitlab	gitlab_community_and_enterprise_editions	—	—