VYPR
High severity8.1NVD Advisory· Published Jul 3, 2018· Updated Jun 17, 2026

CVE-2017-0921

CVE-2017-0921

Description

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

Affected products

6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.