Lucene search
HistoryAug 02, 2017 - 7:29 p.m.
CVE-2017-11437
cve-2017-11437
gitlab
enterprise edition
security
vulnerability
mirroring
repository
authentication
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.9%
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
Affected configurations
Node
gitlabgitlabMatch8.5.0enterprise
ORgitlabgitlabMatch8.5.1enterprise
ORgitlabgitlabMatch8.5.2enterprise
ORgitlabgitlabMatch8.5.3enterprise
ORgitlabgitlabMatch8.5.4enterprise
ORgitlabgitlabMatch8.5.5enterprise
ORgitlabgitlabMatch8.5.6enterprise
ORgitlabgitlabMatch8.5.7enterprise
ORgitlabgitlabMatch8.5.8enterprise
ORgitlabgitlabMatch8.5.9enterprise
ORgitlabgitlabMatch8.5.10enterprise
ORgitlabgitlabMatch8.5.11enterprise
ORgitlabgitlabMatch8.5.12enterprise
ORgitlabgitlabMatch8.5.13enterprise
ORgitlabgitlabMatch8.6.0enterprise
ORgitlabgitlabMatch8.6.1enterprise
ORgitlabgitlabMatch8.6.2enterprise
ORgitlabgitlabMatch8.6.3enterprise
ORgitlabgitlabMatch8.6.4enterprise
ORgitlabgitlabMatch8.6.5enterprise
ORgitlabgitlabMatch8.6.6enterprise
ORgitlabgitlabMatch8.6.7enterprise
ORgitlabgitlabMatch8.6.8enterprise
ORgitlabgitlabMatch8.6.9enterprise
ORgitlabgitlabMatch8.7.0enterprise
ORgitlabgitlabMatch8.7.1enterprise
ORgitlabgitlabMatch8.7.2enterprise
ORgitlabgitlabMatch8.7.3enterprise
ORgitlabgitlabMatch8.7.4enterprise
ORgitlabgitlabMatch8.7.5enterprise
ORgitlabgitlabMatch8.7.6enterprise
ORgitlabgitlabMatch8.7.7enterprise
ORgitlabgitlabMatch8.7.8enterprise
ORgitlabgitlabMatch8.7.9enterprise
ORgitlabgitlabMatch8.8.0enterprise
ORgitlabgitlabMatch8.8.1enterprise
ORgitlabgitlabMatch8.8.2enterprise
ORgitlabgitlabMatch8.8.3enterprise
ORgitlabgitlabMatch8.8.4enterprise
ORgitlabgitlabMatch8.8.5enterprise
ORgitlabgitlabMatch8.8.6enterprise
ORgitlabgitlabMatch8.8.7enterprise
ORgitlabgitlabMatch8.8.8enterprise
ORgitlabgitlabMatch8.8.9enterprise
ORgitlabgitlabMatch8.9.0enterprise
ORgitlabgitlabMatch8.9.1enterprise
ORgitlabgitlabMatch8.9.2enterprise
ORgitlabgitlabMatch8.9.3enterprise
ORgitlabgitlabMatch8.9.4enterprise
ORgitlabgitlabMatch8.9.5enterprise
ORgitlabgitlabMatch8.9.6enterprise
ORgitlabgitlabMatch8.9.7enterprise
ORgitlabgitlabMatch8.9.10enterprise
ORgitlabgitlabMatch8.9.11enterprise
ORgitlabgitlabMatch8.10.0enterprise
ORgitlabgitlabMatch8.10.1enterprise
ORgitlabgitlabMatch8.10.2enterprise
ORgitlabgitlabMatch8.10.3enterprise
ORgitlabgitlabMatch8.10.4enterprise
ORgitlabgitlabMatch8.10.5enterprise
ORgitlabgitlabMatch8.10.6enterprise
ORgitlabgitlabMatch8.10.7enterprise
ORgitlabgitlabMatch8.10.8enterprise
ORgitlabgitlabMatch8.10.9enterprise
ORgitlabgitlabMatch8.10.10enterprise
ORgitlabgitlabMatch8.10.11enterprise
ORgitlabgitlabMatch8.10.12enterprise
ORgitlabgitlabMatch8.10.13enterprise
ORgitlabgitlabMatch8.11.0enterprise
ORgitlabgitlabMatch8.11.1enterprise
ORgitlabgitlabMatch8.11.2enterprise
ORgitlabgitlabMatch8.11.3enterprise
ORgitlabgitlabMatch8.11.4enterprise
ORgitlabgitlabMatch8.11.5enterprise
ORgitlabgitlabMatch8.11.6enterprise
ORgitlabgitlabMatch8.11.7enterprise
ORgitlabgitlabMatch8.11.8enterprise
ORgitlabgitlabMatch8.11.9enterprise
ORgitlabgitlabMatch8.11.10enterprise
ORgitlabgitlabMatch8.11.11enterprise
ORgitlabgitlabMatch8.12.0enterprise
ORgitlabgitlabMatch8.12.1enterprise
ORgitlabgitlabMatch8.12.2enterprise
ORgitlabgitlabMatch8.12.3enterprise
ORgitlabgitlabMatch8.12.4enterprise
ORgitlabgitlabMatch8.12.5enterprise
ORgitlabgitlabMatch8.12.6enterprise
ORgitlabgitlabMatch8.12.7enterprise
ORgitlabgitlabMatch8.12.8enterprise
ORgitlabgitlabMatch8.12.9enterprise
ORgitlabgitlabMatch8.12.10enterprise
ORgitlabgitlabMatch8.12.11enterprise
ORgitlabgitlabMatch8.12.12enterprise
ORgitlabgitlabMatch8.13.0enterprise
ORgitlabgitlabMatch8.13.1enterprise
ORgitlabgitlabMatch8.13.2enterprise
ORgitlabgitlabMatch8.13.3enterprise
ORgitlabgitlabMatch8.13.4enterprise
ORgitlabgitlabMatch8.13.5enterprise
ORgitlabgitlabMatch8.13.6enterprise
ORgitlabgitlabMatch8.13.7enterprise
ORgitlabgitlabMatch8.13.8enterprise
ORgitlabgitlabMatch8.13.9enterprise
ORgitlabgitlabMatch8.13.10enterprise
ORgitlabgitlabMatch8.13.11enterprise
ORgitlabgitlabMatch8.14.0enterprise
ORgitlabgitlabMatch8.14.1enterprise
ORgitlabgitlabMatch8.14.2enterprise
ORgitlabgitlabMatch8.14.3enterprise
ORgitlabgitlabMatch8.14.4enterprise
ORgitlabgitlabMatch8.14.5enterprise
ORgitlabgitlabMatch8.14.6enterprise
ORgitlabgitlabMatch8.14.8enterprise
ORgitlabgitlabMatch8.14.9enterprise
ORgitlabgitlabMatch8.14.10enterprise
ORgitlabgitlabMatch8.15.0enterprise
ORgitlabgitlabMatch8.15.1enterprise
ORgitlabgitlabMatch8.15.2enterprise
ORgitlabgitlabMatch8.15.3enterprise
ORgitlabgitlabMatch8.15.4enterprise
ORgitlabgitlabMatch8.15.6enterprise
ORgitlabgitlabMatch8.15.7enterprise
ORgitlabgitlabMatch8.15.8enterprise
ORgitlabgitlabMatch8.16.0enterprise
ORgitlabgitlabMatch8.16.1enterprise
ORgitlabgitlabMatch8.16.2enterprise
ORgitlabgitlabMatch8.16.3enterprise
ORgitlabgitlabMatch8.16.4enterprise
ORgitlabgitlabMatch8.16.5enterprise
ORgitlabgitlabMatch8.16.6enterprise
ORgitlabgitlabMatch8.16.7enterprise
ORgitlabgitlabMatch8.16.8enterprise
ORgitlabgitlabMatch8.16.9enterprise
ORgitlabgitlabMatch8.17.0enterprise
ORgitlabgitlabMatch8.17.1enterprise
ORgitlabgitlabMatch8.17.2enterprise
ORgitlabgitlabMatch8.17.3enterprise
ORgitlabgitlabMatch8.17.4enterprise
ORgitlabgitlabMatch8.17.5enterprise
ORgitlabgitlabMatch8.17.6enterprise
Node
gitlabgitlabMatch9.0.0enterprise
ORgitlabgitlabMatch9.0.1enterprise
ORgitlabgitlabMatch9.0.2enterprise
ORgitlabgitlabMatch9.0.3enterprise
ORgitlabgitlabMatch9.0.4enterprise
ORgitlabgitlabMatch9.0.5enterprise
ORgitlabgitlabMatch9.0.6enterprise
ORgitlabgitlabMatch9.0.7enterprise
ORgitlabgitlabMatch9.0.8enterprise
ORgitlabgitlabMatch9.0.9enterprise
ORgitlabgitlabMatch9.0.10enterprise
Node
gitlabgitlabMatch9.1.0enterprise
ORgitlabgitlabMatch9.1.1enterprise
ORgitlabgitlabMatch9.1.2enterprise
ORgitlabgitlabMatch9.1.3enterprise
ORgitlabgitlabMatch9.1.4enterprise
ORgitlabgitlabMatch9.1.5enterprise
ORgitlabgitlabMatch9.1.6enterprise
ORgitlabgitlabMatch9.1.7enterprise
Node
gitlabgitlabMatch9.2.0enterprise
ORgitlabgitlabMatch9.2.1enterprise
ORgitlabgitlabMatch9.2.2enterprise
ORgitlabgitlabMatch9.2.3enterprise
ORgitlabgitlabMatch9.2.4enterprise
ORgitlabgitlabMatch9.2.5enterprise
ORgitlabgitlabMatch9.2.6enterprise
ORgitlabgitlabMatch9.2.7enterprise
Node
gitlabgitlabMatch9.3.0enterprise
ORgitlabgitlabMatch9.3.1enterprise
ORgitlabgitlabMatch9.3.2enterprise
ORgitlabgitlabMatch9.3.3enterprise
ORgitlabgitlabMatch9.3.4enterprise
ORgitlabgitlabMatch9.3.5enterprise
ORgitlabgitlabMatch9.3.6enterprise
ORgitlabgitlabMatch9.3.7enterprise
Related
cvelist
cvelist
CVE-2017-11437
2017-08-02 19:00:00
debiancve
debiancve
CVE-2017-11437
2017-08-02 19:29:00
prion
prion
Design/Logic Flaw
2017-08-02 19:29:00
nvd
nvd
CVE-2017-11437
2017-08-02 19:29:00
ubuntucve
ubuntucve
CVE-2017-11437
2017-08-02 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.9%
Related for CVE-2017-11437