Lucene search
HackeroneCVELIST:CVE-2017-0920HistoryMar 22, 2018 - 3:00 p.m.
CVE-2017-0920
2018-03-2215:00:00
CWE-639
hackerone
www.cve.org
1
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
CNA Affected
[
{
"product": "GitLab Community and Enterprise Editions",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "Versions before 10.1.6, 10.2.6, and 10.3.4"
}
]
}
]Related
debian
debian
[SECURITY] [DSA 4206-2] gitlab regression update
2018-05-26 13:29:30
[SECURITY] [DSA 4206-2] gitlab regression update
2018-05-26 13:29:30
[SECURITY] [DSA 4206-1] gitlab security update
2018-05-21 16:47:29
cve
cve
CVE-2017-0920
2018-03-22 15:29:00
debiancve
debiancve
CVE-2017-0920
2018-03-22 15:29:00
nvd
nvd
CVE-2017-0920
2018-03-22 15:29:00
osv
osv
CVE-2017-0920
2018-03-22 15:29:00
gitlab - security update
2018-05-21 00:00:00
prion
prion
Authorization
2018-03-22 15:29:00
ubuntucve
ubuntucve
CVE-2017-0920
2018-03-22 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4206-1)
2018-05-20 00:00:00
nessus
nessus
Debian DSA-4206-1 : gitlab - security update
2018-05-23 00:00:00