cve-2017-0925
Vulnerability from cvelistv5
Published
2018-03-21 20:00
Modified
2024-08-05 13:25
Severity
Summary
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
References
Source | URL | Tags |
---|---|---|
support@hackerone.com | https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ | Release Notes, Vendor Advisory |
support@hackerone.com | https://gitlab.com/gitlab-org/gitlab-ee/issues/3847 | Issue Tracking |
support@hackerone.com | https://www.debian.org/security/2018/dsa-4145 | Third Party Advisory |
Impacted products
Vendor | Product |
---|---|
GitLab | GitLab Community and Enterprise Editions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4145", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4145" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitLab Community and Enterprise Editions", "vendor": "GitLab", "versions": [ { "status": "affected", "version": "8.10.6 - 10.1.5 Fixed in 10.1.6" }, { "status": "affected", "version": "10.2.0 - 10.2.5 Fixed in 10.2.6" }, { "status": "affected", "version": "10.3.0 - 10.3.3 Fixed in 10.3.4" } ] } ], "datePublic": "2018-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "Insufficiently Protected Credentials (CWE-522)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-22T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "name": "DSA-4145", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4145" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2017-0925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitLab Community and Enterprise Editions", "version": { "version_data": [ { "version_value": "8.10.6 - 10.1.5 Fixed in 10.1.6" }, { "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" }, { "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" } ] } } ] }, "vendor_name": "GitLab" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficiently Protected Credentials (CWE-522)" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4145", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4145" }, { "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847" }, { "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource": "CONFIRM", "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-0925", "datePublished": "2018-03-21T20:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-08-05T13:25:17.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-0925\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2018-03-21T20:29:00.747\",\"lastModified\":\"2019-10-09T23:21:13.290\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.\"},{\"lang\":\"es\",\"value\":\"Gitlab Enterprise Edition 10.1.0 es vulnerable a un problema de credenciales protegidas de forma insuficiente en el endpoint de API de proyecto de integraci\u00f3n de servicio que resulta en la divulgaci\u00f3n de informaci\u00f3n de contrase\u00f1as en texto plano.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"9.5.10\",\"matchCriteriaId\":\"05870508-1CE3-4659-858A-6065F3D8B6B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"9.5.10\",\"matchCriteriaId\":\"8D9B47D4-A6DB-4EBC-BD09-31CD3A77E430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.1.5\",\"matchCriteriaId\":\"81E7F704-BE11-4C38-A69B-27D22298703D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.1.5\",\"matchCriteriaId\":\"64162AE5-7888-44B6-9E40-F8003806408C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndIncluding\":\"10.2.5\",\"matchCriteriaId\":\"643E78E8-2909-41D4-BC2A-2CADDA141DCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.2.0\",\"versionEndIncluding\":\"10.2.5\",\"matchCriteriaId\":\"AA884C1E-9F66-41DA-9F23-1231086A75CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndIncluding\":\"10.3.3\",\"matchCriteriaId\":\"7E7D952B-AB31-4962-B178-53260246B33E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndIncluding\":\"10.3.3\",\"matchCriteriaId\":\"3CEEA359-A827-43C5-8489-FD49AE744CC4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab-ee/issues/3847\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4145\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...