CVE-2017-0925

high

Description

GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint, resulting in information disclosure of a plaintext password.

References

https://www.debian.org/security/2018/dsa-4145

https://gitlab.com/gitlab-org/gitlab-ee/issues/3847

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/

Details

Source: Mitre, NVD

Published: 2018-03-21

Updated: 2019-10-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High