UBUNTU-CVE-2017-0919

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-0919

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-0919.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-0919

Upstream

CVE-2017-0919

Published

2018-07-03T21:29:00Z

Modified

2025-10-24T04:46:05Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

References

Affected packages

Ubuntu:16.04:LTS / gitlab

Package

Name: gitlab
Purl: pkg:deb/ubuntu/gitlab@8.5.8+dfsg-5?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.4.3+dfsg-9

8.4.3+dfsg-12

8.5.8+dfsg-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gitlab",
            "binary_version": "8.5.8+dfsg-5"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-0919.json"