Vulnerability Description
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 10.1.0, <= 10.1.5 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Vendor Advisory
- https://hackerone.com/reports/299525Permissions Required
- https://www.debian.org/security/2018/dsa-4145Third Party Advisory
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Vendor Advisory
- https://hackerone.com/reports/299525Permissions Required
- https://www.debian.org/security/2018/dsa-4145Third Party Advisory
FAQ
What is CVE-2017-0917?
CVE-2017-0917 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
How severe is CVE-2017-0917?
CVE-2017-0917 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0917?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab, Debian Debian Linux.