CVE-2017-17716

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc6:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc5:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc4:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc2:*:*:*:*:*:*

Information

Published : 2017-12-17 09:29

Updated : 2018-01-04 07:42


NVD link : CVE-2017-17716

Mitre link : CVE-2017-17716


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

gitlab

  • gitlab