High severity8.1NVD Advisory· Published Jul 3, 2018· Updated Jun 17, 2026
CVE-2017-0921
CVE-2017-0921
Description
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
Affected products
6- Range: <10.1.6, <10.2.6, <10.3.4
- Range: <10.1.6, <10.2.6, <10.3.4
- osv-coords4 versionspkg:apk/chainguard/gitlab-operatorpkg:apk/chainguard/gitlab-operator-chartspkg:apk/chainguard/gitlab-operator-compatpkg:apk/chainguard/gitlab-operator-fips
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.