Vulnerability Description
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 8.0.0, <= 9.5.10 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Release NotesVendor Advisory
- https://gitlab.com/gitlab-org/gitlab-ee/issues/3847Issue Tracking
- https://www.debian.org/security/2018/dsa-4145Third Party Advisory
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Release NotesVendor Advisory
- https://gitlab.com/gitlab-org/gitlab-ee/issues/3847Issue Tracking
- https://www.debian.org/security/2018/dsa-4145Third Party Advisory
FAQ
What is CVE-2017-0925?
CVE-2017-0925 is a vulnerability with a CVSS score of 7.2 (HIGH). Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plainte...
How severe is CVE-2017-0925?
CVE-2017-0925 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0925?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab, Debian Debian Linux.