CVE-2017-0925

MEDIUM

Description

GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint, resulting in information disclosure of a plaintext password.

References

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/

https://gitlab.com/gitlab-org/gitlab-ee/issues/3847

https://www.debian.org/security/2018/dsa-4145

Details

Source: MITRE

Published: 2018-03-21

Updated: 2018-04-13

Type: CWE-255

Risk Information

CVSS v2.0

Base Score: 4

Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH