Description
GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credentials issue in the project service integration API endpoint, resulting in information disclosure of a plaintext password.
References (3)
Core References
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2018/dsa-4145
Issue Tracking (x_refsource_confirm): https://gitlab.com/gitlab-org/gitlab-ee/issues/3847
Release Notes, Vendor Advisory (x_refsource_confirm): https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Scores
CVSS v3: 7.2
EPSS: 0.0010
EPSS Percentile: 28.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-319, CWE-522
Status: published
Products (2):
debian/debian_linux: 9.0
gitlab/gitlab: 8.0.0 - 9.5.10 (2 CPE variants)
Published: Mar 21, 2018
Tracked Since: Feb 18, 2026