CVE-2017-0927
MEDIUMGitLab 8.16.0-9.5.9 - Unauthenticated Improper Authorization in Deployment Keys
Title source: llmDescription
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/gitlab-ce/issues/37594
Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Scores
CVSS v3
6.5
EPSS
0.0009
EPSS Percentile
26.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-285
CWE-863
Status
published
Products (1)
gitlab/gitlab
8.16.0 - 9.5.10 (2 CPE variants)
Published
Mar 21, 2018
Tracked Since
Feb 18, 2026