
List:       oss-security
Subject:    [oss-security] Gitlab, LDAP integration vulnerable to MITM attack
From:       Raphael Geissert <atomo64 () gmail ! com>
Date:       2017-12-17 20:26:09
Message-ID: CAA7hUgFJbi9KUCyq732rjf8tbwkTv5Csy5aEbJ3FUxV8wyZT3A () mail ! gmail ! com


Hi,

This is just a heads up that I requested a CVE id for issue #30420[1]:
gitlab between 9.4 and before 9.4.2 does not verify the identity of the LDAP
server.

This has been assigned CVE-2017-17716.

[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/30420
(needless to say, this wasn't reported by me)

Cheers,
-- 
Raphael Geissert

