Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-0882

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

Published

2017-03-28T02:59:01.497

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-639
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	8.2.0	Yes
Application	gitlab	gitlab	8.2.1	Yes
Application	gitlab	gitlab	8.2.2	Yes
Application	gitlab	gitlab	8.2.3	Yes
Application	gitlab	gitlab	8.2.4	Yes
Application	gitlab	gitlab	8.2.5	Yes
Application	gitlab	gitlab	8.3.0	Yes
Application	gitlab	gitlab	8.3.8	Yes
Application	gitlab	gitlab	8.3.9	Yes
Application	gitlab	gitlab	8.4.0	Yes
Application	gitlab	gitlab	8.4.9	Yes
Application	gitlab	gitlab	8.4.10	Yes
Application	gitlab	gitlab	8.5.0	Yes
Application	gitlab	gitlab	8.5.11	Yes
Application	gitlab	gitlab	8.5.12	Yes
Application	gitlab	gitlab	8.6.0	Yes
Application	gitlab	gitlab	8.6.7	Yes
Application	gitlab	gitlab	8.6.8	Yes
Application	gitlab	gitlab	8.7.0	Yes
Application	gitlab	gitlab	8.7.1	Yes
Application	gitlab	gitlab	8.10.0	Yes
Application	gitlab	gitlab	8.10.12	Yes
Application	gitlab	gitlab	8.10.13	Yes
Application	gitlab	gitlab	8.11.0	Yes
Application	gitlab	gitlab	8.11.9	Yes
Application	gitlab	gitlab	8.11.10	Yes
Application	gitlab	gitlab	8.12.0	Yes
Application	gitlab	gitlab	8.12.7	Yes
Application	gitlab	gitlab	8.12.8	Yes
Application	gitlab	gitlab	8.13.0	Yes
Application	gitlab	gitlab	8.13.2	Yes
Application	gitlab	gitlab	8.13.3	Yes
Application	gitlab	gitlab	8.14.0	Yes
Application	gitlab	gitlab	8.14.1	Yes
Application	gitlab	gitlab	8.14.2	Yes
Application	gitlab	gitlab	8.14.3	Yes
Application	gitlab	gitlab	8.14.4	Yes
Application	gitlab	gitlab	8.14.5	Yes
Application	gitlab	gitlab	8.14.6	Yes
Application	gitlab	gitlab	8.15.0	Yes
Application	gitlab	gitlab	8.15.1	Yes
Application	gitlab	gitlab	8.15.2	Yes
Application	gitlab	gitlab	8.15.3	Yes
Application	gitlab	gitlab	8.15.4	Yes
Application	gitlab	gitlab	8.15.5	Yes
Application	gitlab	gitlab	8.15.6	Yes
Application	gitlab	gitlab	8.15.7	Yes
Application	gitlab	gitlab	8.16.0	Yes
Application	gitlab	gitlab	8.16.1	Yes
Application	gitlab	gitlab	8.16.2	Yes
Application	gitlab	gitlab	8.16.3	Yes
Application	gitlab	gitlab	8.16.4	Yes
Application	gitlab	gitlab	8.16.5	Yes
Application	gitlab	gitlab	8.16.6	Yes
Application	gitlab	gitlab	8.16.7	Yes
Application	gitlab	gitlab	8.17.0	Yes
Application	gitlab	gitlab	8.17.1	Yes
Application	gitlab	gitlab	8.17.2	Yes
Application	gitlab	gitlab	8.17.3	Yes

References

http://www.securityfocus.com/bid/97157 Third Party Advisory, VDB Entry ([email protected])
https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ Release Notes, Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1 Patch, Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b Patch, Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5 Patch, Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab-ce/issues/29661 Exploit, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/97157 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/ Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab-ce/issues/29661 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)