Insufficiently Protected Credential Vulnerability in GitLab Enterprise Edition
CVE-2017-0925
7.2HIGH
Key Information:
- Vendor
Gitlab
- Vendor
- CVE Published:
- 21 March 2018
What is CVE-2017-0925?
GitLab Enterprise Edition version 10.1.0 is affected by a significant vulnerability related to the project service integration API endpoint, which lacks adequate protections for user credentials. This weakness can potentially lead to the exposure of plaintext passwords, allowing unauthorized access to sensitive information and compromising user security.
Affected Version(s)
GitLab Community and Enterprise Editions 8.10.6 - 10.1.5 Fixed in 10.1.6
GitLab Community and Enterprise Editions 10.2.0 - 10.2.5 Fixed in 10.2.6
GitLab Community and Enterprise Editions 10.3.0 - 10.3.3 Fixed in 10.3.4