First published: Mon Aug 14 2017(Updated: )
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | <=8.17.7 | |
GitLab | <=8.17.7 | |
GitLab | =9.0.0 | |
GitLab | =9.0.0 | |
GitLab | =9.0.1 | |
GitLab | =9.0.1 | |
GitLab | =9.0.2 | |
GitLab | =9.0.2 | |
GitLab | =9.0.3 | |
GitLab | =9.0.3 | |
GitLab | =9.0.4 | |
GitLab | =9.0.4 | |
GitLab | =9.0.5 | |
GitLab | =9.0.5 | |
GitLab | =9.0.6 | |
GitLab | =9.0.6 | |
GitLab | =9.0.7 | |
GitLab | =9.0.7 | |
GitLab | =9.0.8 | |
GitLab | =9.0.8 | |
GitLab | =9.0.9 | |
GitLab | =9.0.9 | |
GitLab | =9.0.10 | |
GitLab | =9.0.10 | |
GitLab | =9.0.11 | |
GitLab | =9.0.11 | |
GitLab | =9.0.12 | |
GitLab | =9.0.12 | |
GitLab | =9.1.0 | |
GitLab | =9.1.0 | |
GitLab | =9.1.1 | |
GitLab | =9.1.1 | |
GitLab | =9.1.2 | |
GitLab | =9.1.2 | |
GitLab | =9.1.3 | |
GitLab | =9.1.3 | |
GitLab | =9.1.4 | |
GitLab | =9.1.4 | |
GitLab | =9.1.5 | |
GitLab | =9.1.5 | |
GitLab | =9.1.6 | |
GitLab | =9.1.6 | |
GitLab | =9.1.7 | |
GitLab | =9.1.7 | |
GitLab | =9.1.8 | |
GitLab | =9.1.8 | |
GitLab | =9.1.9 | |
GitLab | =9.1.9 | |
GitLab | =9.2.0 | |
GitLab | =9.2.0 | |
GitLab | =9.2.1 | |
GitLab | =9.2.1 | |
GitLab | =9.2.2 | |
GitLab | =9.2.2 | |
GitLab | =9.2.3 | |
GitLab | =9.2.3 | |
GitLab | =9.2.4 | |
GitLab | =9.2.4 | |
GitLab | =9.2.5 | |
GitLab | =9.2.5 | |
GitLab | =9.2.6 | |
GitLab | =9.2.6 | |
GitLab | =9.2.7 | |
GitLab | =9.2.7 | |
GitLab | =9.2.8 | |
GitLab | =9.2.8 | |
GitLab | =9.2.9 | |
GitLab | =9.2.9 | |
GitLab | =9.3.0 | |
GitLab | =9.3.0 | |
GitLab | =9.3.1 | |
GitLab | =9.3.1 | |
GitLab | =9.3.2 | |
GitLab | =9.3.2 | |
GitLab | =9.3.3 | |
GitLab | =9.3.3 | |
GitLab | =9.3.4 | |
GitLab | =9.3.4 | |
GitLab | =9.3.5 | |
GitLab | =9.3.5 | |
GitLab | =9.3.6 | |
GitLab | =9.3.6 | |
GitLab | =9.3.7 | |
GitLab | =9.3.7 | |
GitLab | =9.3.8 | |
GitLab | =9.3.8 | |
GitLab | =9.3.9 | |
GitLab | =9.3.9 | |
GitLab | =9.4.0 | |
GitLab | =9.4.0 | |
GitLab | =9.4.1 | |
GitLab | =9.4.1 | |
GitLab | =9.4.2 | |
GitLab | =9.4.2 | |
GitLab | =9.4.3 | |
GitLab | =9.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-12426 has a high severity due to its potential to allow remote code execution on affected GitLab installations.
To fix CVE-2017-12426, upgrade to GitLab Community Edition version 8.17.8 or later, or GitLab Enterprise Edition version 9.4.4 or later.
CVE-2017-12426 affects GitLab versions before 8.17.8, all 9.0.x versions before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4.
CVE-2017-12426 is a remote code execution vulnerability that can be exploited through crafted SSH URLs in project imports.
Yes, both GitLab Community Edition (CE) and Enterprise Edition (EE) are affected by CVE-2017-12426.