CVE-2017-0925

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-0925
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0925.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-0925
Downstream
Published
2018-03-21T20:29:00.747Z
Modified
2025-11-20T13:30:33.813647Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
d90716aff22310b27734df86d287d2cb4084fdbb
Last affected
3ec4b67ffebfd15dd22fca7b35b0405454422df7
Introduced
6369db0196ec7b6e288b16382c95243424a59b62
Last affected
3f64be9aeeb1a8c7c88b50bdf0212118dc265ce6
Introduced
235b8d50ad14e7cdf4bc61c3df070f38dee97974
Last affected
5a1abb98b40ef0047d634b6ff09c3379da46cff9
Introduced
b50421f8650a390aa637da68c7e0138dd764fdf3
Last affected
9c32fedb6d29601a9cb698a25f8b917724b484b3

Affected versions

v10.*

v10.2.0
v10.2.0-ee
v10.2.0-rc1
v10.2.0-rc1-ee
v10.2.0-rc2
v10.2.0-rc2-ee
v10.2.0-rc3
v10.2.0-rc3-ee
v10.2.0-rc4
v10.2.0-rc4-ee
v10.2.0.pre
v10.2.1
v10.2.1-ee
v10.2.2
v10.2.2-ee
v10.2.3
v10.2.3-ee
v10.2.4
v10.2.4-ee
v10.2.5-ee
v10.3.0
v10.3.0-ee
v10.3.0-rc1
v10.3.0-rc1-ee
v10.3.0-rc2
v10.3.0-rc2-ee
v10.3.0-rc3
v10.3.0-rc3-ee
v10.3.0-rc4
v10.3.0-rc4-ee
v10.3.0-rc5
v10.3.0-rc5-ee
v10.3.0.pre
v10.3.1
v10.3.1-ee
v10.3.2
v10.3.2-ee
v10.3.3-ee

v6.*

v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.1
v6.2.2
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.4.1
v6.4.2
v6.4.3
v6.5.0-ee
v6.5.1
v6.6.0-ee
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0-ee
v6.8.1

v7.*

v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee
v7.4.0-ee
v7.4.1-ee
v7.4.2-ee
v7.4.3-ee
v7.4.4-ee

v8.*

v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0925.json"