
List:       oss-security
Subject:    [oss-security] [GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack
From:       "Kwang (GitLab Support)" <security () gitlab ! com>
Date:       2017-12-20 22:14:46
Message-ID: NZZ7VKP4WW_5a3ae0d5ea16f_173b53fbfb8ecb988831843_sprut () zendesk ! com


----------------------------------------------

Kwang, Dec 20, 17:14 EST

Hi Raphael,

Thank you for the heads-up. We will note that on the public issue tracker page.

Regards,
GitLab Security Team

----------------------------------------------

Raphael Geissert, Dec 17, 15:26 EST

Hi,

This is just a heads up that I requested a CVE id for issue #30420[1]: gitlab
between 9.4 and before 9.4.2 does not verify the identity of the LDAP server.

This has been assigned CVE-2017-17716.

[1]https://gitlab.com/gitlab-org/gitlab-ce/issues/30420
(needless to say, this wasn't reported by me)

Cheers,
--
Raphael Geissert


