Vulnerability CVE-2017-0921
Published: 2018-07-03
Description:
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
Type:
CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
References:
https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
Copyright 2024, cxsecurity.com