First published: Sun Dec 17 2017(Updated: )
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | =9.4.0 | |
GitLab GitLab | =9.4.0-rc1 | |
GitLab GitLab | =9.4.0-rc2 | |
GitLab GitLab | =9.4.0-rc3 | |
GitLab GitLab | =9.4.0-rc4 | |
GitLab GitLab | =9.4.0-rc5 | |
GitLab GitLab | =9.4.0-rc6 | |
GitLab GitLab | =9.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.