CVE-2017-0915

CRITICAL

Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.

CVSS v3.0 Score

9.8

/ 10.0

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Information

Published: 21 mars 2018
Updated: 21 nov. 2024
Status: Modified
Source: support@hackerone.com

Affected products

gitlab gitlab

Versions : 9.5.10, 10.1.5, 10.2.5, 10.3.3

debian debian linux

Versions : 9.0

Weaknesses (CWE)

CWE-77CWE-20

References (6)

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Vendor Advisory
https://hackerone.com/reports/298873
Permissions Required
https://www.debian.org/security/2018/dsa-4145
Third Party Advisory
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Vendor Advisory
https://hackerone.com/reports/298873
Permissions Required
https://www.debian.org/security/2018/dsa-4145
Third Party Advisory

Similar CVEs

Other vulnerabilities of type CWE-77

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring