List: oss-security
Subject: [oss-security] [GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack
From: "Kwang (GitLab Support)" <security () gitlab ! com>
Date: 2017-12-20 22:14:46
Message-ID: NZZ7VKP4WW_5a3ae0d5ea16f_173b53fbfb8ecb988831843_sprut () zendesk ! com
----------------------------------------------
Kwang, Dec 20, 17:14 EST
Hi Raphael,
Thank you for the heads-up. We will note that on the public issue tracker page.
Regards,
GitLab Security Team
----------------------------------------------
Raphael Geissert, Dec 17, 15:26 EST
Hi,
This is just a heads up that I requested a CVE id for issue #30420[1]: gitlab
between 9.4 and before 9.4.2 does not verify the identity of the LDAP server.
This has been assigned CVE-2017-17716.
[1]https://gitlab.com/gitlab-org/gitlab-ce/issues/30420
(needless to say, this wasn't reported by me)
Cheers,
--
Raphael Geissert