6.3

CVE-2017-0882

Exploit
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab Version8.2.0
GitlabGitLab Version8.2.1
GitlabGitLab Version8.2.2
GitlabGitLab Version8.2.3
GitlabGitLab Version8.2.4
GitlabGitLab Version8.2.5
GitlabGitLab Version8.3.0
GitlabGitLab Version8.3.8
GitlabGitLab Version8.3.9
GitlabGitLab Version8.4.0
GitlabGitLab Version8.4.9
GitlabGitLab Version8.4.10
GitlabGitLab Version8.5.0
GitlabGitLab Version8.5.11
GitlabGitLab Version8.5.12
GitlabGitLab Version8.6.0
GitlabGitLab Version8.6.7
GitlabGitLab Version8.6.8
GitlabGitLab Version8.7.0
GitlabGitLab Version8.7.1
GitlabGitLab Version8.10.0
GitlabGitLab Version8.10.12
GitlabGitLab Version8.10.13
GitlabGitLab Version8.11.0
GitlabGitLab Version8.11.9
GitlabGitLab Version8.11.10
GitlabGitLab Version8.12.0
GitlabGitLab Version8.12.7
GitlabGitLab Version8.12.8
GitlabGitLab Version8.13.0
GitlabGitLab Version8.13.2
GitlabGitLab Version8.13.3
GitlabGitLab Version8.14.0
GitlabGitLab Version8.14.1
GitlabGitLab Version8.14.2
GitlabGitLab Version8.14.3
GitlabGitLab Version8.14.4
GitlabGitLab Version8.14.5
GitlabGitLab Version8.14.6
GitlabGitLab Version8.15.0
GitlabGitLab Version8.15.1
GitlabGitLab Version8.15.2
GitlabGitLab Version8.15.3
GitlabGitLab Version8.15.4
GitlabGitLab Version8.15.5
GitlabGitLab Version8.15.6
GitlabGitLab Version8.15.7
GitlabGitLab Version8.16.0
GitlabGitLab Version8.16.1
GitlabGitLab Version8.16.2
GitlabGitLab Version8.16.3
GitlabGitLab Version8.16.4
GitlabGitLab Version8.16.5
GitlabGitLab Version8.16.6
GitlabGitLab Version8.16.7
GitlabGitLab Version8.17.0
GitlabGitLab Version8.17.1
GitlabGitLab Version8.17.2
GitlabGitLab Version8.17.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.06% 0.6
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.3 2.8 3.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

http://www.securityfocus.com/bid/97157
Third Party Advisory
VDB Entry
https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
Vendor Advisory
Release Notes
https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1
Patch
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b
Patch
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5
Patch
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
Vendor Advisory
Exploit