CVE-2017-0926

CWE-285 CWE-863 — Incorrect Authorization6 documents6 sources

Severity

8.8HIGH

EPSS

0.3%

top 45.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Gitlab Gitlab Community AND Enterprise Editions Debian Debian Linux

Timeline

PublishedMar 21

Latest updateMay 13

Description

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5gitlab/gitlab_community_and_enterprise_editions4 versions+3

▶NVDgitlab/gitlab8.8.0 — 9.5.10+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-64x3-qr9c-w6jw: Gitlab Community Edition version 10↗2022-05-13

▶

CVEList

CVE-2017-0926: Gitlab Community Edition version 10↗2018-03-21

▶

💥Exploits & PoCs

Exploit-DB

Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory↗2017-03-27

▶

📋Vendor Advisories

GitLab

CVE-2017-0926: Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user l↗2018-03-21

▶

Debian

CVE-2017-0926: gitlab - Gitlab Community Edition version 10.3 is vulnerable to an improper authorization...↗2017

▶