Date: Wed, 20 Dec 2017 22:14:46 +0000
From: "Kwang (GitLab Support)" <>
Cc: Open Source Security <>
Subject: [GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM

Kwang, Dec 20, 17:14 EST

Hi Raphael,

Thank you for the heads-up. We will note that on the public issue tracker page.

GitLab Security Team


Raphael Geissert, Dec 17, 15:26 EST


This is just a heads up that I requested a CVE id for issue #30420[1]: gitlab
between 9.4 and before 9.4.2 does not verify the identity of the LDAP server.

This has been assigned CVE-2017-17716.

(needless to say, this wasn't reported by me)

Raphael Geissert
