CVE-2018-8971

Published: 24/03/2018 Updated: 05/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

Vulnerable Product

gitlab gitlab

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #893905 gitlab: CVE-2018-8801 CVE-2018-8971. Package: gitlab; Maintainer for gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for gitlab is src:gitlab. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 23 Mar ...

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code. CVE-2017-0920: It was discovered that missing validation of merge requests allowed users to see names to private projects, resulting in information disclosure. CVE-2018-8971: It was discovered that the Auth0 integration was implemented ...