[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99536

 
 

909

 
 

80128

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-11437

Date: (C)2017-08-05   (M)2017-12-07 


GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

CVSS Score: 4.0Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/

CPE    175
cpe:/a:gitlab:gitlab:8.5.0::~~enterprise~~~
cpe:/a:gitlab:gitlab:8.5.1::~~enterprise~~~
cpe:/a:gitlab:gitlab:8.5.2::~~enterprise~~~
cpe:/a:gitlab:gitlab:8.5.3::~~enterprise~~~
...
CWE    1
CWE-264

© 2013 SecPod Technologies