Lucene search

CVE-2017-0921

🗓️ 03 Jul 2018 21:00:29Reported by hackeroneType

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised

Reporter	Title	Published	Views	Family All 7
Prion	Design/Logic Flaw	3 Jul 201821:29	–	prion
UbuntuCve	CVE-2017-0921	3 Jul 201800:00	–	ubuntucve
Cvelist	CVE-2017-0921	3 Jul 201821:00	–	cvelist
Debian CVE	CVE-2017-0921	3 Jul 201821:29	–	debiancve
NVD	CVE-2017-0921	3 Jul 201821:29	–	nvd
OSV	CVE-2017-0921	3 Jul 201821:29	–	osv
OpenVAS	GitLab <= 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 Multiple Vulnerabilities	25 Mar 202200:00	–	openvas

Nvd

Node

gitlab gitlabRange<10.1.6community

gitlab gitlabRange<10.1.6enterprise

gitlab gitlabRange10.2.0–10.2.6community

gitlab gitlabRange10.2.0–10.2.6enterprise

gitlab gitlabRange10.3.0–10.3.4community

gitlab gitlabRange10.3.0–10.3.4enterprise

Source	Link
about	www.about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Jul 2018 21:29Current

7.9High risk

Vulners AI Score7.9

CVSS26.8

CVSS38.1

EPSS0.00245

CWE-640