CVE-2017-0882

NameCVE-2017-0882
DescriptionMultiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs858410

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gitlab (PTS)sid/contrib13.4.7-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gitlabsource(unstable)8.13.11+dfsg-7858410

Notes

https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/

Search for package or bug name: Reporting problems