oss-sec mailing list archives
[GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack
From: "Kwang (GitLab Support)" <security () gitlab com>
Date: Wed, 20 Dec 2017 22:14:46 +0000
##- Please type your reply above this line -##

You are registered as a CC on this support request (86379). Reply to this email to add a comment to the request.

----------------------------------------------

Kwang, Dec 20, 17:14 EST

Hi Raphael,

Thank you for the heads-up. We will note that on the public issue tracker page.

Regards,
GitLab Security Team

----------------------------------------------

Raphael Geissert, Dec 17, 15:26 EST

Hi,

This is just a heads up that I requested a CVE id for issue #30420[1]: gitlab between 9.4 and before 9.4.2 does not verify the identity of the LDAP server.

This has been assigned CVE-2017-17716.

[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/30420

(needless to say, this wasn't reported by me)

Cheers,
--
Raphael Geissert

--------------------------------

This email is a service from GitLab, Inc. [NZZ7VK-P4WW]

Current thread:
- Gitlab, LDAP integration vulnerable to MITM attack Raphael Geissert (Dec 17)
- [GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack Kwang (GitLab Support) (Dec 21)