CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

Published: Mar 21, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-0925
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	10.3.0	10.3.3.x
gitlab / gitlab	10.0.0	10.1.5.x
gitlab / gitlab	10.2.0	10.2.5.x
gitlab / gitlab	8.0.0	9.5.10.x
debian / debian_linux	9.0	9.0.x

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
https://gitlab.com/gitlab-org/gitlab-ee/issues/3847
https://www.debian.org/security/2018/dsa-4145

Vulnerability Database

289,697

CVE-2017-0925