CVE-2017-0919
First published: Tue Jul 03 2018(Updated: )
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <10.1.6 | |
| GitLab | <10.1.6 | |
| GitLab | >=10.2.0<10.2.6 | |
| GitLab | >=10.2.0<10.2.6 | |
| GitLab | >=10.3.0<10.3.4 | |
| GitLab | >=10.3.0<10.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-0919?
CVE-2017-0919 has a medium severity rating due to its potential to allow unauthorized operations within GitLab groups.
How do I fix CVE-2017-0919?
To fix CVE-2017-0919, upgrade your GitLab Community or Enterprise Edition to version 10.1.6, 10.2.6, or 10.3.4 or later.
What type of vulnerability is identified in CVE-2017-0919?
CVE-2017-0919 is an authorization bypass vulnerability that affects the GitLab import component.
What software is affected by CVE-2017-0919?
CVE-2017-0919 affects GitLab Community and Enterprise Editions prior to versions 10.1.6, 10.2.6, and 10.3.4.
How was CVE-2017-0919 discovered?
CVE-2017-0919 was reported through a security vulnerability report that highlighted the potential for unauthorized access.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.2.0
- version/gitlab/10.3.0