CVE-2017-17716

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc4:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc5:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.0:rc6:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:9.4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-17 17:29

Updated : 2023-12-10 12:15


NVD link : CVE-2017-17716

Mitre link : CVE-2017-17716

CVE.ORG link : CVE-2017-17716


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-295

Improper Certificate Validation