High severity7.5NVD Advisory· Published Jul 3, 2018· Updated Jun 17, 2026
CVE-2017-0919
CVE-2017-0919
Description
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
Affected products
6- Range: <10.1.6, 10.2.6, and 10.3.4
- Range: <10.1.6, 10.2.6, and 10.3.4
- osv-coords4 versionspkg:apk/chainguard/gitlab-operatorpkg:apk/chainguard/gitlab-operator-chartspkg:apk/chainguard/gitlab-operator-compatpkg:apk/chainguard/gitlab-operator-fips
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
1- hackerone.com/reports/301137nvdThird Party Advisory
News mentions
0No linked articles in our index yet.