First published: Thu May 24 2018(Updated: )
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | <10.1.6 | |
GitLab GitLab | <10.1.6 | |
GitLab GitLab | >=10.2.0<10.2.6 | |
GitLab GitLab | >=10.2.0<10.2.6 | |
GitLab GitLab | >=10.3.0<10.3.4 | |
GitLab GitLab | >=10.3.0<10.3.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.