Vulnerability Description
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 8.16.0, <= 9.5.10 |
Related Weaknesses (CWE)
References
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab-ce/issues/37594Issue TrackingThird Party Advisory
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/Vendor Advisory
- https://gitlab.com/gitlab-org/gitlab-ce/issues/37594Issue TrackingThird Party Advisory
FAQ
What is CVE-2017-0927?
CVE-2017-0927 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
How severe is CVE-2017-0927?
CVE-2017-0927 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0927?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.