CVE-2017-11437
First published: Wed Aug 02 2017(Updated: )
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | =8.5.0 | |
| GitLab | =8.5.1 | |
| GitLab | =8.5.2 | |
| GitLab | =8.5.3 | |
| GitLab | =8.5.4 | |
| GitLab | =8.5.5 | |
| GitLab | =8.5.6 | |
| GitLab | =8.5.7 | |
| GitLab | =8.5.8 | |
| GitLab | =8.5.9 | |
| GitLab | =8.5.10 | |
| GitLab | =8.5.11 | |
| GitLab | =8.5.12 | |
| GitLab | =8.5.13 | |
| GitLab | =8.6.0 | |
| GitLab | =8.6.1 | |
| GitLab | =8.6.2 | |
| GitLab | =8.6.3 | |
| GitLab | =8.6.4 | |
| GitLab | =8.6.5 | |
| GitLab | =8.6.6 | |
| GitLab | =8.6.7 | |
| GitLab | =8.6.8 | |
| GitLab | =8.6.9 | |
| GitLab | =8.7.0 | |
| GitLab | =8.7.1 | |
| GitLab | =8.7.2 | |
| GitLab | =8.7.3 | |
| GitLab | =8.7.4 | |
| GitLab | =8.7.5 | |
| GitLab | =8.7.6 | |
| GitLab | =8.7.7 | |
| GitLab | =8.7.8 | |
| GitLab | =8.7.9 | |
| GitLab | =8.8.0 | |
| GitLab | =8.8.1 | |
| GitLab | =8.8.2 | |
| GitLab | =8.8.3 | |
| GitLab | =8.8.4 | |
| GitLab | =8.8.5 | |
| GitLab | =8.8.6 | |
| GitLab | =8.8.7 | |
| GitLab | =8.8.8 | |
| GitLab | =8.8.9 | |
| GitLab | =8.9.0 | |
| GitLab | =8.9.1 | |
| GitLab | =8.9.2 | |
| GitLab | =8.9.3 | |
| GitLab | =8.9.4 | |
| GitLab | =8.9.5 | |
| GitLab | =8.9.6 | |
| GitLab | =8.9.7 | |
| GitLab | =8.9.10 | |
| GitLab | =8.9.11 | |
| GitLab | =8.10.0 | |
| GitLab | =8.10.1 | |
| GitLab | =8.10.2 | |
| GitLab | =8.10.3 | |
| GitLab | =8.10.4 | |
| GitLab | =8.10.5 | |
| GitLab | =8.10.6 | |
| GitLab | =8.10.7 | |
| GitLab | =8.10.8 | |
| GitLab | =8.10.9 | |
| GitLab | =8.10.10 | |
| GitLab | =8.10.11 | |
| GitLab | =8.10.12 | |
| GitLab | =8.10.13 | |
| GitLab | =8.11.0 | |
| GitLab | =8.11.1 | |
| GitLab | =8.11.2 | |
| GitLab | =8.11.3 | |
| GitLab | =8.11.4 | |
| GitLab | =8.11.5 | |
| GitLab | =8.11.6 | |
| GitLab | =8.11.7 | |
| GitLab | =8.11.8 | |
| GitLab | =8.11.9 | |
| GitLab | =8.11.10 | |
| GitLab | =8.11.11 | |
| GitLab | =8.12.0 | |
| GitLab | =8.12.1 | |
| GitLab | =8.12.2 | |
| GitLab | =8.12.3 | |
| GitLab | =8.12.4 | |
| GitLab | =8.12.5 | |
| GitLab | =8.12.6 | |
| GitLab | =8.12.7 | |
| GitLab | =8.12.8 | |
| GitLab | =8.12.9 | |
| GitLab | =8.12.10 | |
| GitLab | =8.12.11 | |
| GitLab | =8.12.12 | |
| GitLab | =8.13.0 | |
| GitLab | =8.13.1 | |
| GitLab | =8.13.2 | |
| GitLab | =8.13.3 | |
| GitLab | =8.13.4 | |
| GitLab | =8.13.5 | |
| GitLab | =8.13.6 | |
| GitLab | =8.13.7 | |
| GitLab | =8.13.8 | |
| GitLab | =8.13.9 | |
| GitLab | =8.13.10 | |
| GitLab | =8.13.11 | |
| GitLab | =8.14.0 | |
| GitLab | =8.14.1 | |
| GitLab | =8.14.2 | |
| GitLab | =8.14.3 | |
| GitLab | =8.14.4 | |
| GitLab | =8.14.5 | |
| GitLab | =8.14.6 | |
| GitLab | =8.14.8 | |
| GitLab | =8.14.9 | |
| GitLab | =8.14.10 | |
| GitLab | =8.15.0 | |
| GitLab | =8.15.1 | |
| GitLab | =8.15.2 | |
| GitLab | =8.15.3 | |
| GitLab | =8.15.4 | |
| GitLab | =8.15.6 | |
| GitLab | =8.15.7 | |
| GitLab | =8.15.8 | |
| GitLab | =8.16.0 | |
| GitLab | =8.16.1 | |
| GitLab | =8.16.2 | |
| GitLab | =8.16.3 | |
| GitLab | =8.16.4 | |
| GitLab | =8.16.5 | |
| GitLab | =8.16.6 | |
| GitLab | =8.16.7 | |
| GitLab | =8.16.8 | |
| GitLab | =8.16.9 | |
| GitLab | =8.17.0 | |
| GitLab | =8.17.1 | |
| GitLab | =8.17.2 | |
| GitLab | =8.17.3 | |
| GitLab | =8.17.4 | |
| GitLab | =8.17.5 | |
| GitLab | =8.17.6 | |
| GitLab | =9.0.0 | |
| GitLab | =9.0.1 | |
| GitLab | =9.0.2 | |
| GitLab | =9.0.3 | |
| GitLab | =9.0.4 | |
| GitLab | =9.0.5 | |
| GitLab | =9.0.6 | |
| GitLab | =9.0.7 | |
| GitLab | =9.0.8 | |
| GitLab | =9.0.9 | |
| GitLab | =9.0.10 | |
| GitLab | =9.1.0 | |
| GitLab | =9.1.1 | |
| GitLab | =9.1.2 | |
| GitLab | =9.1.3 | |
| GitLab | =9.1.4 | |
| GitLab | =9.1.5 | |
| GitLab | =9.1.6 | |
| GitLab | =9.1.7 | |
| GitLab | =9.2.0 | |
| GitLab | =9.2.1 | |
| GitLab | =9.2.2 | |
| GitLab | =9.2.3 | |
| GitLab | =9.2.4 | |
| GitLab | =9.2.5 | |
| GitLab | =9.2.6 | |
| GitLab | =9.2.7 | |
| GitLab | =9.3.0 | |
| GitLab | =9.3.1 | |
| GitLab | =9.3.2 | |
| GitLab | =9.3.3 | |
| GitLab | =9.3.4 | |
| GitLab | =9.3.5 | |
| GitLab | =9.3.6 | |
| GitLab | =9.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-11437?
The severity of CVE-2017-11437 is classified as high due to the potential for an authenticated user to access other users' repositories.
How do I fix CVE-2017-11437?
To fix CVE-2017-11437, update GitLab Enterprise Edition to version 8.17.7, 9.0.11, 9.1.8, 9.2.8, or 9.3.8 or later.
Who is affected by CVE-2017-11437?
CVE-2017-11437 affects GitLab Enterprise Edition versions prior to 8.17.7, as well as several 9.x versions.
What kind of access does CVE-2017-11437 allow?
CVE-2017-11437 potentially allows authenticated users to read repositories that belong to other users through the mirroring feature.
What should I do if I cannot update to the fixed version for CVE-2017-11437?
If you cannot update, consider disabling the mirroring feature or limit project creation privileges to trusted users as a temporary measure.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.5.0
- version/gitlab/8.5.1
- version/gitlab/8.5.2
- version/gitlab/8.5.3
- version/gitlab/8.5.4
- version/gitlab/8.5.5
- version/gitlab/8.5.6
- version/gitlab/8.5.7
- version/gitlab/8.5.8
- version/gitlab/8.5.9
- version/gitlab/8.5.10
- version/gitlab/8.5.11
- version/gitlab/8.5.12
- version/gitlab/8.5.13
- version/gitlab/8.6.0
- version/gitlab/8.6.1
- version/gitlab/8.6.2
- version/gitlab/8.6.3
- version/gitlab/8.6.4
- version/gitlab/8.6.5
- version/gitlab/8.6.6
- version/gitlab/8.6.7
- version/gitlab/8.6.8
- version/gitlab/8.6.9
- version/gitlab/8.7.0
- version/gitlab/8.7.1
- version/gitlab/8.7.2
- version/gitlab/8.7.3
- version/gitlab/8.7.4
- version/gitlab/8.7.5
- version/gitlab/8.7.6
- version/gitlab/8.7.7
- version/gitlab/8.7.8
- version/gitlab/8.7.9
- version/gitlab/8.8.0
- version/gitlab/8.8.1
- version/gitlab/8.8.2
- version/gitlab/8.8.3
- version/gitlab/8.8.4
- version/gitlab/8.8.5
- version/gitlab/8.8.6
- version/gitlab/8.8.7
- version/gitlab/8.8.8
- version/gitlab/8.8.9
- version/gitlab/8.9.0
- version/gitlab/8.9.1
- version/gitlab/8.9.2
- version/gitlab/8.9.3
- version/gitlab/8.9.4
- version/gitlab/8.9.5
- version/gitlab/8.9.6
- version/gitlab/8.9.7
- version/gitlab/8.9.10
- version/gitlab/8.9.11
- version/gitlab/8.10.0
- version/gitlab/8.10.1
- version/gitlab/8.10.2
- version/gitlab/8.10.3
- version/gitlab/8.10.4
- version/gitlab/8.10.5
- version/gitlab/8.10.6
- version/gitlab/8.10.7
- version/gitlab/8.10.8
- version/gitlab/8.10.9
- version/gitlab/8.10.10
- version/gitlab/8.10.11
- version/gitlab/8.10.12
- version/gitlab/8.10.13
- version/gitlab/8.11.0
- version/gitlab/8.11.1
- version/gitlab/8.11.2
- version/gitlab/8.11.3
- version/gitlab/8.11.4
- version/gitlab/8.11.5
- version/gitlab/8.11.6
- version/gitlab/8.11.7
- version/gitlab/8.11.8
- version/gitlab/8.11.9
- version/gitlab/8.11.10
- version/gitlab/8.11.11
- version/gitlab/8.12.0
- version/gitlab/8.12.1
- version/gitlab/8.12.2
- version/gitlab/8.12.3
- version/gitlab/8.12.4
- version/gitlab/8.12.5
- version/gitlab/8.12.6
- version/gitlab/8.12.7
- version/gitlab/8.12.8
- version/gitlab/8.12.9
- version/gitlab/8.12.10
- version/gitlab/8.12.11
- version/gitlab/8.12.12
- version/gitlab/8.13.0
- version/gitlab/8.13.1
- version/gitlab/8.13.2
- version/gitlab/8.13.3
- version/gitlab/8.13.4
- version/gitlab/8.13.5
- version/gitlab/8.13.6
- version/gitlab/8.13.7
- version/gitlab/8.13.8
- version/gitlab/8.13.9
- version/gitlab/8.13.10
- version/gitlab/8.13.11
- version/gitlab/8.14.0
- version/gitlab/8.14.1
- version/gitlab/8.14.2
- version/gitlab/8.14.3
- version/gitlab/8.14.4
- version/gitlab/8.14.5
- version/gitlab/8.14.6
- version/gitlab/8.14.8
- version/gitlab/8.14.9
- version/gitlab/8.14.10
- version/gitlab/8.15.0
- version/gitlab/8.15.1
- version/gitlab/8.15.2
- version/gitlab/8.15.3
- version/gitlab/8.15.4
- version/gitlab/8.15.6
- version/gitlab/8.15.7
- version/gitlab/8.15.8
- version/gitlab/8.16.0
- version/gitlab/8.16.1
- version/gitlab/8.16.2
- version/gitlab/8.16.3
- version/gitlab/8.16.4
- version/gitlab/8.16.5
- version/gitlab/8.16.6
- version/gitlab/8.16.7
- version/gitlab/8.16.8
- version/gitlab/8.16.9
- version/gitlab/8.17.0
- version/gitlab/8.17.1
- version/gitlab/8.17.2
- version/gitlab/8.17.3
- version/gitlab/8.17.4
- version/gitlab/8.17.5
- version/gitlab/8.17.6
- version/gitlab/9.0.0
- version/gitlab/9.0.1
- version/gitlab/9.0.2
- version/gitlab/9.0.3
- version/gitlab/9.0.4
- version/gitlab/9.0.5
- version/gitlab/9.0.6
- version/gitlab/9.0.7
- version/gitlab/9.0.8
- version/gitlab/9.0.9
- version/gitlab/9.0.10
- version/gitlab/9.1.0
- version/gitlab/9.1.1
- version/gitlab/9.1.2
- version/gitlab/9.1.3
- version/gitlab/9.1.4
- version/gitlab/9.1.5
- version/gitlab/9.1.6
- version/gitlab/9.1.7
- version/gitlab/9.2.0
- version/gitlab/9.2.1
- version/gitlab/9.2.2
- version/gitlab/9.2.3
- version/gitlab/9.2.4
- version/gitlab/9.2.5
- version/gitlab/9.2.6
- version/gitlab/9.2.7
- version/gitlab/9.3.0
- version/gitlab/9.3.1
- version/gitlab/9.3.2
- version/gitlab/9.3.3
- version/gitlab/9.3.4
- version/gitlab/9.3.5
- version/gitlab/9.3.6
- version/gitlab/9.3.7