CVE-2017-0927

6.5MEDIUM

Key Information:

Vendor
Gitlab
Status
Gitlab Community And Enterprise Editions
Vendor
CVE Published:
21 March 2018

Summary

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

Affected Version(s)

GitLab Community and Enterprise Editions 8.10.6 - 10.1.5 Fixed in 10.1.6

GitLab Community and Enterprise Editions 10.2.0 - 10.2.5 Fixed in 10.2.6

GitLab Community and Enterprise Editions 10.3.0 - 10.3.3 Fixed in 10.3.4

References

https://gitlab.com/gitlab-org/gitlab-ce/issues/37594
x_refsource_CONFIRM
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.