CVE-2017-12426

Published: 14/08/2017 Updated: 25/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a project import.

Vulnerable Product

gitlab gitlab 9.3.2

gitlab gitlab 9.3.3

gitlab gitlab 9.3.4

gitlab gitlab 9.3.5

gitlab gitlab 9.3.8

gitlab gitlab 9.3.9

gitlab gitlab 9.2.0

gitlab gitlab 9.2.1

gitlab gitlab 9.2.2

gitlab gitlab 9.2.5

gitlab gitlab 9.2.6

gitlab gitlab 9.2.7

gitlab gitlab 9.4.0

gitlab gitlab 9.0.12

gitlab gitlab 9.3.6

gitlab gitlab 9.2.8

gitlab gitlab 9.2.4

gitlab gitlab 9.1.4

gitlab gitlab 9.1.0

gitlab gitlab 9.3.1

gitlab gitlab 9.4.3

gitlab gitlab

gitlab gitlab 9.0.9

gitlab gitlab 9.1.5

gitlab gitlab 9.0.10

gitlab gitlab 9.1.2

gitlab gitlab 9.2.3

gitlab gitlab 9.1.3

gitlab gitlab 9.3.7

gitlab gitlab 9.0.11

gitlab gitlab 9.0.2

gitlab gitlab 9.0.8

gitlab gitlab 9.0.1

gitlab gitlab 9.0.6

gitlab gitlab 9.1.6

gitlab gitlab 9.1.7

gitlab gitlab 9.1.1

gitlab gitlab 9.1.8

gitlab gitlab 9.0.5

gitlab gitlab 9.1.9

gitlab gitlab 9.4.1

gitlab gitlab 9.3.0

gitlab gitlab 9.2.9

gitlab gitlab 9.4.2

gitlab gitlab 9.0.3

gitlab gitlab 9.0.4

gitlab gitlab 9.0.7

gitlab gitlab 9.0.0

Vendor Advisories

Debian Bug report logs - #872190
gitlab: CVE-2017-12426: Remote Command Execution in git client
Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 15 Aug 2017 05:45:01 U ...

Recent Articles

Source Code Management Tools Affected by Severe Vulnerability
BleepingComputer • Catalin Cimpanu • 11 Aug 2017

Three of the most popular version control systems (VCSs) used in managing source code projects are vulnerable to a flaw that allows an attacker to run code on a victim's platform, potentially leading to the theft of source code or the hijacking of the underlying machine.
Discovered by Joern Schneeweisz, a security researcher for Recurity Labs, the flaw relies on tricking users into cloning (copying) a source code project via an "" link.
Schneeweisz says that a URL in the form ...