7.2

CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

Data is provided by the National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version >= 8.0.0 <= 9.5.10
GitlabGitlab SwEditionenterprise Version >= 8.0.0 <= 9.5.10
GitlabGitlab SwEditioncommunity Version >= 10.0.0 <= 10.1.5
GitlabGitlab SwEditionenterprise Version >= 10.0.0 <= 10.1.5
GitlabGitlab SwEditioncommunity Version >= 10.2.0 <= 10.2.5
GitlabGitlab SwEditionenterprise Version >= 10.2.0 <= 10.2.5
GitlabGitlab SwEditioncommunity Version >= 10.3.0 <= 10.3.3
GitlabGitlab SwEditionenterprise Version >= 10.3.0 <= 10.3.3
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.292
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.