oss-sec mailing list archives

Gitlab, LDAP integration vulnerable to MITM attack


From: Raphael Geissert <atomo64 () gmail com>
Date: Sun, 17 Dec 2017 21:26:09 +0100

Hi,

This is just a heads up that I requested a CVE id for issue #30420[1]:
gitlab between 9.4 and before 9.4.2 does not verify the identity of the
LDAP server.

This has been assigned CVE-2017-17716.

[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/30420
(needless to say, this wasn't reported by me)

Cheers,
-- 
Raphael Geissert
