Date: Sun, 17 Dec 2017 21:26:09 +0100
From: Raphael Geissert <>
To: Open Source Security <>
Subject: Gitlab, LDAP integration vulnerable to MITM attack


This is just a heads up that I requested a CVE id for issue #30420[1]:
between 9.4 and before 9.4.2 does not verify the identity of the LDAP

This has been assigned CVE-2017-17716.

(needless to say, this wasn't reported by me)

Raphael Geissert
