Vulnerability-Lookup

CVE-2017-0882 (GCVE-0-2017-0882)

Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-05 13:18

Summary

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

Severity ?

No CVSS data available.

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key (CWE-639)

Assigner

hackerone

References

URL

	Vendor	Product	Version
	n/a	GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3	Affected: GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3

GHSA-QGWF-V74M-338M

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-20 03:34

Details

Severity ?

6.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-0882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-28T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.",
  "id": "GHSA-qgwf-v74m-338m",
  "modified": "2025-04-20T03:34:58Z",
  "published": "2022-05-13T01:38:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0882"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97157"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-03001

Vulnerability from cnvd - Published: 2017-03-21

Title

GitLab权限泄露漏洞

Description

GitLab是一个使用Ruby on Rails开发的开源应用程序，实现了一个Git仓库管理平台，可通过Web界面进行访问公开的或者私有的项目。 GitLab存在权限泄露漏洞，当修改任务的分配者信息的时候，API将返回该用户的个人信息详情，其中包括了该用户的authentication_token、encrypted_otp_secret、otp_backup_codes等敏感信息。攻击者可利用这些敏感信息使用该用户的身份和权限操作GitLab。如果用户为管理员权限，可能会造成更大的危害。

Severity

高

Patch Name

GitLab权限泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/

Reference

https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/

Impacted products

Name
['GitLab GitLab >=8.7.0，<=8.15.7', 'GitLab GitLab >=8.16.0，<=8.16.7', 'GitLab GitLab >=8.17.0，<=8.17.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-0882"
    }
  },
  "description": "GitLab\u662f\u4e00\u4e2a\u4f7f\u7528Ruby on Rails\u5f00\u53d1\u7684\u5f00\u6e90\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b9e\u73b0\u4e86\u4e00\u4e2aGit\u4ed3\u5e93\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u901a\u8fc7Web\u754c\u9762\u8fdb\u884c\u8bbf\u95ee\u516c\u5f00\u7684\u6216\u8005\u79c1\u6709\u7684\u9879\u76ee\u3002\r\n\r\nGitLab\u5b58\u5728\u6743\u9650\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u4fee\u6539\u4efb\u52a1\u7684\u5206\u914d\u8005\u4fe1\u606f\u7684\u65f6\u5019\uff0cAPI\u5c06\u8fd4\u56de\u8be5\u7528\u6237\u7684\u4e2a\u4eba\u4fe1\u606f\u8be6\u60c5\uff0c\u5176\u4e2d\u5305\u62ec\u4e86\u8be5\u7528\u6237\u7684authentication_token\u3001encrypted_otp_secret\u3001otp_backup_codes\u7b49\u654f\u611f\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u654f\u611f\u4fe1\u606f\u4f7f\u7528\u8be5\u7528\u6237\u7684\u8eab\u4efd\u548c\u6743\u9650\u64cd\u4f5cGitLab\u3002\u5982\u679c\u7528\u6237\u4e3a\u7ba1\u7406\u5458\u6743\u9650\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u66f4\u5927\u7684\u5371\u5bb3\u3002",
  "discovererName": "Strukt",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03001",
  "openTime": "2017-03-21",
  "patchDescription": "GitLab\u662f\u4e00\u4e2a\u4f7f\u7528Ruby on Rails\u5f00\u53d1\u7684\u5f00\u6e90\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b9e\u73b0\u4e86\u4e00\u4e2aGit\u4ed3\u5e93\u7ba1\u7406\u5e73\u53f0\uff0c\u53ef\u901a\u8fc7Web\u754c\u9762\u8fdb\u884c\u8bbf\u95ee\u516c\u5f00\u7684\u6216\u8005\u79c1\u6709\u7684\u9879\u76ee\u3002\r\n\r\nGitLab\u5b58\u5728\u6743\u9650\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u4fee\u6539\u4efb\u52a1\u7684\u5206\u914d\u8005\u4fe1\u606f\u7684\u65f6\u5019\uff0cAPI\u5c06\u8fd4\u56de\u8be5\u7528\u6237\u7684\u4e2a\u4eba\u4fe1\u606f\u8be6\u60c5\uff0c\u5176\u4e2d\u5305\u62ec\u4e86\u8be5\u7528\u6237\u7684authentication_token\u3001encrypted_otp_secret\u3001otp_backup_codes\u7b49\u654f\u611f\u4fe1\u606f\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u654f\u611f\u4fe1\u606f\u4f7f\u7528\u8be5\u7528\u6237\u7684\u8eab\u4efd\u548c\u6743\u9650\u64cd\u4f5cGitLab\u3002\u5982\u679c\u7528\u6237\u4e3a\u7ba1\u7406\u5458\u6743\u9650\uff0c\u53ef\u80fd\u4f1a\u9020\u6210\u66f4\u5927\u7684\u5371\u5bb3\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GitLab\u6743\u9650\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "GitLab GitLab \u003e=8.7.0\uff0c\u003c=8.15.7",
      "GitLab GitLab \u003e=8.16.0\uff0c\u003c=8.16.7",
      "GitLab GitLab \u003e=8.17.0\uff0c\u003c=8.17.3"
    ]
  },
  "referenceLink": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-21",
  "title": "GitLab\u6743\u9650\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2017-0882

Vulnerability from fkie_nvd - Published: 2017-03-28 02:59 - Updated: 2025-04-20 01:37

Severity ?

6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
support@hackerone.com	http://www.securityfocus.com/bid/97157	Third Party Advisory, VDB Entry
support@hackerone.com	https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/	Release Notes, Vendor Advisory
support@hackerone.com	https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1	Patch, Vendor Advisory
support@hackerone.com	https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b	Patch, Vendor Advisory
support@hackerone.com	https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5	Patch, Vendor Advisory
support@hackerone.com	https://gitlab.com/gitlab-org/gitlab-ce/issues/29661	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97157	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.com/gitlab-org/gitlab-ce/issues/29661	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
gitlab	gitlab	8.2.0
gitlab	gitlab	8.2.1
gitlab	gitlab	8.2.2
gitlab	gitlab	8.2.3
gitlab	gitlab	8.2.4
gitlab	gitlab	8.2.5
gitlab	gitlab	8.3.0
gitlab	gitlab	8.3.8
gitlab	gitlab	8.3.9
gitlab	gitlab	8.4.0
gitlab	gitlab	8.4.9
gitlab	gitlab	8.4.10
gitlab	gitlab	8.5.0
gitlab	gitlab	8.5.11
gitlab	gitlab	8.5.12
gitlab	gitlab	8.6.0
gitlab	gitlab	8.6.7
gitlab	gitlab	8.6.8
gitlab	gitlab	8.7.0
gitlab	gitlab	8.7.1
gitlab	gitlab	8.10.0
gitlab	gitlab	8.10.12
gitlab	gitlab	8.10.13
gitlab	gitlab	8.11.0
gitlab	gitlab	8.11.9
gitlab	gitlab	8.11.10
gitlab	gitlab	8.12.0
gitlab	gitlab	8.12.7
gitlab	gitlab	8.12.8
gitlab	gitlab	8.13.0
gitlab	gitlab	8.13.2
gitlab	gitlab	8.13.3
gitlab	gitlab	8.14.0
gitlab	gitlab	8.14.1
gitlab	gitlab	8.14.2
gitlab	gitlab	8.14.3
gitlab	gitlab	8.14.4
gitlab	gitlab	8.14.5
gitlab	gitlab	8.14.6
gitlab	gitlab	8.15.0
gitlab	gitlab	8.15.1
gitlab	gitlab	8.15.2
gitlab	gitlab	8.15.3
gitlab	gitlab	8.15.4
gitlab	gitlab	8.15.5
gitlab	gitlab	8.15.6
gitlab	gitlab	8.15.7
gitlab	gitlab	8.16.0
gitlab	gitlab	8.16.1
gitlab	gitlab	8.16.2
gitlab	gitlab	8.16.3
gitlab	gitlab	8.16.4
gitlab	gitlab	8.16.5
gitlab	gitlab	8.16.6
gitlab	gitlab	8.16.7
gitlab	gitlab	8.17.0
gitlab	gitlab	8.17.1
gitlab	gitlab	8.17.2
gitlab	gitlab	8.17.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6ACB05-8D9C-4ECA-B16B-C921E4FD31DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A9A324-CAAF-44E2-ADC0-E53AE2A7E938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23B02581-E578-4E7F-96C9-4F7A96BE7860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D04194-FB0E-453E-B929-D1325DA16A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "557FA9F7-F3EC-488C-95F7-C5C46193FAD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE38D462-28F8-4356-B80D-7BEB45051E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB1E9DA-044D-4C0F-B9D2-7968EEAC1E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "009D7D10-9596-4BDE-8316-7F12C2661DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AADF57A-A54C-4FE9-9DCB-B7FD3C961BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4C899C-79DD-4BF0-A47F-AC7BDCB0E9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "193016A1-7935-43C3-99DF-0DA2810DBDAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3D7D48-E172-4F2F-8307-F251B52B175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB84AB58-030E-4D9C-80FC-F95D9A9F89C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA814A1-FD0B-4E47-844A-285E379843F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A269B0E-7DEC-45BA-8F81-26D38DD10272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "671B6F4B-DD3F-4E1A-9CE4-A6F9381BC4AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C232B818-420C-4ED6-AB7C-FB1605B18984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36543899-741F-4C1D-9E40-653D256F5FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41E3701-D240-4B18-919B-E2B64950FCF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7829B6-98E9-4364-9A2E-2DFD61C3265F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CAC2DE6-B831-4007-993B-A09174A03287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "684B8D23-4FFF-4B51-A2B4-B92B2F2FFD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3376C0CB-F443-40CD-92DE-E2A753BBCB7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA526583-A266-41A9-B692-189FB4E04DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.11.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9C7F22-2BAC-4598-9802-E00A889A776B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3AF796E-AC2A-4960-81E6-988FE2F8F889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E538AD7-ED6B-4092-96A5-FC3C60433BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8105E28D-A21C-4C89-8235-0292F3D1DCE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2E64274-D2C0-4CE2-986C-9DA47D0CF14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40FEF39-FBD8-49D3-ACB5-DA4CE6275997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD032AA-5160-4446-8256-BF3993C0C6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F7D77B-E9F9-429C-9000-E4EB8D6C6E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B3C6A7-EB60-41DA-AB67-CB5CF93B0A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E47F6A-A7E1-4876-8C05-329959522C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF6FC6C-2489-4798-8143-985C2101CDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "126EE901-4DCB-4404-9B63-91692569A9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D830B0CD-050C-43BE-8D5C-896B8EE8CBC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1A1D52-0962-4330-B81D-B85FCA38F5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "80FF90DE-8982-4F56-8444-11D6C920646D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E67A7C-962E-49EE-8B4C-86D764770EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE48CAF-F691-4409-96F9-CBB3903D251D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B07763-013A-48EE-AFB7-3CBB3DFAD60C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDE7E4A-12A3-46A6-AE35-075247CF1226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3C2EAC-68C0-4444-A366-238A54A96484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C1AA52-622D-4867-AB95-C64DDC185454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "572A743D-ACAD-43B4-AD99-6C9DFE48A870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.15.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0915C33D-41C1-43EB-BA21-D6037362EE8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1965736-D73F-44DC-BA29-D992CCEA9657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E274B52-360B-4F06-B307-89C6D044E444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F132ED-1CC0-4A58-988F-B61D69FEB99E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9663040-C06C-4C11-9384-6DE1DE64A8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20B405B-38EB-4F10-AAE3-700EBB5F5E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9BEA77-CE45-4F92-B525-B1544B5B14A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA429762-A81D-4C40-8A66-1EF4E39DCFEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.16.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C06917C-E634-4C67-8DB9-7C98DA7E3883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7CEF22-F432-4D22-87C2-1E13BEBCDE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94FFBA26-4229-4E61-9B0E-A6E5E09FDB05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A74068-14F2-4976-86DE-818683A1FF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:8.17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "045FF5B3-7AE0-48B0-8266-CB515BC9B20D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC."
    },
    {
      "lang": "es",
      "value": "Multiples versiones de GitLab exponen credenciales de usuario confidenciales al asignar un usuario a una solicitud de emisi\u00f3n o de combinaci\u00f3n. Una correci\u00f3n fue incluida en las versiones 8.15.8, 8.16.7 y 8.17.4, que se publicaron el 20 de marzo de 2017 a las 23:59 UTC."
    }
  ],
  "id": "CVE-2017-0882",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-28T02:59:01.497",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97157"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-0882

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-0882

Aliases

CVE-2017-0882

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-0882",
    "description": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.",
    "id": "GSD-2017-0882",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-0882.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-0882"
      ],
      "details": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.",
      "id": "GSD-2017-0882",
      "modified": "2023-12-13T01:20:59.730103Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2017-0882",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "GitLab Community Edition and GitLab Enterprise Edition 8.7.0 through 8.15.7, 8.16.0 through 8.16.7, 8.17.0 through 8.17.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authorization Bypass Through User-Controlled Key (CWE-639)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5",
            "refsource": "MISC",
            "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
          },
          {
            "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b",
            "refsource": "MISC",
            "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
          },
          {
            "name": "97157",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97157"
          },
          {
            "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1",
            "refsource": "MISC",
            "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
          },
          {
            "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661",
            "refsource": "MISC",
            "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
          },
          {
            "name": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/",
            "refsource": "MISC",
            "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.17.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.13.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.10.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.12.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.11.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.11.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.17.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.14.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.17.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.16.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.15.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.12.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gitlab:gitlab:8.10.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2017-0882"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"
            },
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"
            },
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"
            },
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"
            },
            {
              "name": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"
            },
            {
              "name": "97157",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97157"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:21Z",
      "publishedDate": "2017-03-28T02:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-0882 (GCVE-0-2017-0882)

GHSA-QGWF-V74M-338M

CNVD-2017-03001

FKIE_CVE-2017-0882

GSD-2017-0882

Tags

Sightings

Nomenclature