CVE-2017-0919

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-0919

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0919.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-0919

Downstream

UBUNTU-CVE-2017-0919

Related

CGA-8qfc-rgr9-rgfc

Published

2018-07-03T21:29:00.293Z

Modified

2026-04-10T03:55:57.535640Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

References

https://hackerone.com/reports/301137

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

0c1dc982000dc78b0ba68700f74f78a8a72584fe

Introduced

Fixed

0c1dc982000dc78b0ba68700f74f78a8a72584fe

Introduced

d90716aff22310b27734df86d287d2cb4084fdbb

Fixed

bf756fb1e0968aa25ff444358c9c50b568b5b7f5

Introduced

d90716aff22310b27734df86d287d2cb4084fdbb

Fixed

bf756fb1e0968aa25ff444358c9c50b568b5b7f5

Introduced

6369db0196ec7b6e288b16382c95243424a59b62

Fixed

00c14addea672f44ff6b470acf9b41c485db73af

Introduced

6369db0196ec7b6e288b16382c95243424a59b62

Fixed

00c14addea672f44ff6b470acf9b41c485db73af

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.1.6"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "10.1.6"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "fixed": "10.2.6"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "fixed": "10.2.6"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.4"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.4"
        }
    ]
}

Affected versions

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.1.0-ee

v10.1.0-rc1-ee

v10.1.0-rc2-ee

v10.1.0-rc3-ee

v10.1.0-rc4-ee

v10.1.1-ee

v10.1.2-ee

v10.1.3-ee

v10.1.4-ee

v10.1.5-ee

v10.2.0-ee

v10.2.0-rc1-ee

v10.2.0-rc2-ee

v10.2.0-rc3-ee

v10.2.0-rc4-ee

v10.2.1-ee

v10.2.2-ee

v10.2.3-ee

v10.2.4-ee

v10.2.5-ee

v10.3.0-ee

v10.3.0-rc1-ee

v10.3.0-rc2-ee

v10.3.0-rc3-ee

v10.3.0-rc4-ee

v10.3.0-rc5-ee

v10.3.1-ee

v10.3.2-ee

v10.3.3-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0919.json"