Date: Sun, 17 Dec 2017 21:26:09 +0100
From: Raphael Geissert <atomo64@...il.com>
To: Open Source Security <oss-security@...ts.openwall.com>
Cc: security@...lab.com
Subject: Gitlab, LDAP integration vulnerable to MITM attack

Hi,

This is just a heads up that I requested a CVE id for issue #30420:
gitlab between 9.4 and before 9.4.2 does not verify the identity of the
LDAP server.

This has been assigned CVE-2017-17716.

https://gitlab.com/gitlab-org/gitlab-ce/issues/30420

(needless to say, this wasn't reported by me)

Cheers,
--
Raphael Geissert