Search...

CVE-2017-0925

2018-03-21T20:29:00

ID CVE-2017-0925
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:21:00

Description

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

JSON Vulners Source

Initial Source

{"id": "CVE-2017-0925", "bulletinFamily": "NVD", "title": "CVE-2017-0925", "description": "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.", "published": "2018-03-21T20:29:00", "modified": "2019-10-09T23:21:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0925", "reporter": "cve@mitre.org", "references": ["https://www.debian.org/security/2018/dsa-4145", "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"], "cvelist": ["CVE-2017-0925"], "type": "cve", "lastseen": "2020-12-09T20:13:18", "edition": 7, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310704145"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4145-1:42E35"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4145.NASL"]}], "modified": "2020-12-09T20:13:18", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2020-12-09T20:13:18", "rev": 2}, "vulnersScore": 4.2}, "cpe": ["cpe:/a:gitlab:gitlab:9.5.10", "cpe:/a:gitlab:gitlab:10.2.5", "cpe:/a:gitlab:gitlab:10.1.5", "cpe:/a:gitlab:gitlab:10.3.3", "cpe:/o:debian:debian_linux:9.0"], "affectedSoftware": [{"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.3.3"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.3.3"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "9.0"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.1.5"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.1.5"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "9.5.10"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "9.5.10"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.2.5"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "le", "version": "10.2.5"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:community:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:enterprise:*:*:*"], "cwe": ["CWE-319"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:community:*:*:*", "versionEndIncluding": "10.2.5", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:enterprise:*:*:*", "versionEndIncluding": "10.1.5", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:community:*:*:*", "versionEndIncluding": "10.3.3", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:community:*:*:*", "versionEndIncluding": "10.1.5", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:community:*:*:*", "versionEndIncluding": "9.5.10", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:enterprise:*:*:*", "versionEndIncluding": "10.3.3", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:enterprise:*:*:*", "versionEndIncluding": "9.5.10", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:enterprise:*:*:*", "versionEndIncluding": "10.2.5", "versionStartIncluding": "10.2.0", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2019-07-04T18:56:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0917", "CVE-2017-0915", "CVE-2018-3710", "CVE-2017-0916", "CVE-2017-0926", "CVE-2017-0925", "CVE-2017-0918"], "description": "Several vulnerabilities have been discovered in Gitlab, a software\nplatform to collaborate on code:\n\nCVE-2017-0915 / CVE-2018-3710\nArbitrary code execution in project import.\n\nCVE-2017-0916\nCommand injection via Webhooks.\n\nCVE-2017-0917\nCross-site scripting in CI job output.\n\nCVE-2017-0918\nInsufficient restriction of CI runner for project cache access.\n\nCVE-2017-0925\nInformation disclosure in Services API.\n\nCVE-2017-0926\nRestrictions for disabled OAuth providers could be bypassed.", "modified": "2019-07-04T00:00:00", "published": "2018-03-18T00:00:00", "id": "OPENVAS:1361412562310704145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704145", "type": "openvas", "title": "Debian Security Advisory DSA 4145-1 (gitlab - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4145-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704145\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-0915\", \"CVE-2017-0916\", \"CVE-2017-0917\", \"CVE-2017-0918\", \"CVE-2017-0925\", \"CVE-2017-0926\", \"CVE-2018-3710\");\n script_name(\"Debian Security Advisory DSA 4145-1 (gitlab - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-18 00:00:00 +0100 (Sun, 18 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4145.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"gitlab on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 8.13.11+dfsg1-8+deb9u1.\n\nWe recommend that you upgrade your gitlab packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/gitlab\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in Gitlab, a software\nplatform to collaborate on code:\n\nCVE-2017-0915 / CVE-2018-3710\nArbitrary code execution in project import.\n\nCVE-2017-0916\nCommand injection via Webhooks.\n\nCVE-2017-0917\nCross-site scripting in CI job output.\n\nCVE-2017-0918\nInsufficient restriction of CI runner for project cache access.\n\nCVE-2017-0925\nInformation disclosure in Services API.\n\nCVE-2017-0926\nRestrictions for disabled OAuth providers could be bypassed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gitlab\", ver:\"8.13.11+dfsg1-8+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-0917", "CVE-2017-0915", "CVE-2018-3710", "CVE-2017-0916", "CVE-2017-0926", "CVE-2017-0925", "CVE-2017-0918"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4145-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 18, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gitlab\nCVE ID : CVE-2017-0915 CVE-2017-0916 CVE-2017-0917 CVE-2017-0918 \n CVE-2017-0925 CVE-2017-0926 CVE-2018-3710\n\nSeveral vulnerabilities have been discovered in Gitlab, a software\nplatform to collaborate on code:\n\nCVE-2017-0915 / CVE-2018-3710\n\n Arbitrary code execution in project import.\n\nCVE-2017-0916\n\n Command injection via Webhooks.\n\nCVE-2017-0917\n\n Cross-site scripting in CI job output.\n\nCVE-2017-0918\n\n Insufficient restriction of CI runner for project cache access.\n\nCVE-2017-0925\n\n Information disclosure in Services API.\n\nCVE-2017-0926\n\n Restrictions for disabled OAuth providers could be bypassed.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 8.13.11+dfsg1-8+deb9u1.\n\nWe recommend that you upgrade your gitlab packages.\n\nFor the detailed security status of gitlab please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/gitlab\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2018-03-18T18:51:35", "published": "2018-03-18T18:51:35", "id": "DEBIAN:DSA-4145-1:42E35", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00071.html", "title": "[SECURITY] [DSA 4145-1] gitlab security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:46:50", "description": "Several vulnerabilities have been discovered in Gitlab, a software\nplatform to collaborate on code :\n\n - CVE-2017-0915/ CVE-2018-3710\n Arbitrary code execution in project import.\n\n - CVE-2017-0916\n Command injection via Webhooks.\n\n - CVE-2017-0917\n Cross-site scripting in CI job output.\n\n - CVE-2017-0918\n Insufficient restriction of CI runner for project cache\n access.\n\n - CVE-2017-0925\n Information disclosure in Services API.\n\n - CVE-2017-0926\n Restrictions for disabled OAuth providers could be\n bypassed.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "title": "Debian DSA-4145-1 : gitlab - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-0917", "CVE-2017-0915", "CVE-2018-3710", "CVE-2017-0916", "CVE-2017-0926", "CVE-2017-0925", "CVE-2017-0918"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gitlab", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4145.NASL", "href": "https://www.tenable.com/plugins/nessus/108422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4145. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108422);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2017-0915\", \"CVE-2017-0916\", \"CVE-2017-0917\", \"CVE-2017-0918\", \"CVE-2017-0925\", \"CVE-2017-0926\", \"CVE-2018-3710\");\n script_xref(name:\"DSA\", value:\"4145\");\n\n script_name(english:\"Debian DSA-4145-1 : gitlab - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Gitlab, a software\nplatform to collaborate on code :\n\n - CVE-2017-0915/ CVE-2018-3710\n Arbitrary code execution in project import.\n\n - CVE-2017-0916\n Command injection via Webhooks.\n\n - CVE-2017-0917\n Cross-site scripting in CI job output.\n\n - CVE-2017-0918\n Insufficient restriction of CI runner for project cache\n access.\n\n - CVE-2017-0925\n Information disclosure in Services API.\n\n - CVE-2017-0926\n Restrictions for disabled OAuth providers could be\n bypassed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-3710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/gitlab\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/gitlab\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4145\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gitlab packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 8.13.11+dfsg1-8+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitlab\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gitlab\", reference:\"8.13.11+dfsg1-8+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}