CVE-2017-12426
HIGHGitLab CE/EE <8.17.8, <9.0.13, <9.1.10, <9.2.10, <9.3.10, <9.4.4 - RCE
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-12426. PoCs published by sm-paul-schuette.
Description
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
Exploits (1)
References (2)
Core (2)
Core References
Mitigation, Release Notes, Vendor Advisory (x_refsource_confirm)
https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/
Mailing List (mailing-list, x_refsource_mlist)
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
Scores
CVSS v3
8.8
EPSS
0.0064
EPSS Percentile
70.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (25)
gitlab/gitlab 9.0.0 (2 CPE variants)
gitlab/gitlab 9.0.1 (2 CPE variants)
gitlab/gitlab 9.0.2 (2 CPE variants)
gitlab/gitlab 9.0.3 (2 CPE variants)
gitlab/gitlab 9.0.4 (2 CPE variants)
gitlab/gitlab 9.0.5 (2 CPE variants)
gitlab/gitlab 9.0.6 (2 CPE variants)
gitlab/gitlab 9.0.7 (2 CPE variants)
gitlab/gitlab 9.0.8 (2 CPE variants)
gitlab/gitlab 9.0.9 (2 CPE variants)
... and 15 more
Published
Aug 14, 2017
Tracked Since
Feb 18, 2026