CVE-2017-11437

MEDIUM

GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

CVSS v3.0 Score

6.5

/ 10.0

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Information

Published: 2 août 2017
Updated: 20 avr. 2025
Status: Deferred
Source: cve@mitre.org

Affected products

gitlab gitlab

Versions : 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4

Weaknesses (CWE)

CWE-732

References (2)

https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
Vendor Advisory
https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
Vendor Advisory

Similar CVEs

Other vulnerabilities of type CWE-732

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring