Unverified Password Change Vulnerability in GitLab Community and Enterprise Editions

CVE-2017-0921 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/AU:N/C:P/I:P/A:P

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component: the password could be changed without the account's current password being supplied. An attacker who had compromised a victim's session (for example a stolen session cookie) could therefore set a new password and take over the account outright, rather than only holding access for the lifetime of that session. Upgrading to 10.1.6, 10.2.6 or 10.3.4 (or later) addresses the issue.
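As an added illustration of the weakness class described above, and not GitLab's own PasswordsController code, the following hypothetical Ruby handlers show a password-change action that trusts the session alone beside one that re-authenticates with the current password and then invalidates previously issued sessions. Every name here (User, update_password_unverified, update_password_verified, session_generation) and the sample accounts are assumptions constructed for the example.

```ruby
require 'openssl'
require 'securerandom'

# Illustrative in-memory account record (hypothetical; not GitLab's User model).
class User
  attr_reader :username, :session_generation

  def initialize(username, password)
    @username = username
    @session_generation = 0
    set_password(password)
  end

  # Stores a salted PBKDF2 hash and bumps the session generation so that
  # sessions issued before the change can be rejected by the session layer.
  def set_password(password)
    @salt = SecureRandom.hex(16)
    @hash = derive(password, @salt)
    @session_generation += 1
  end

  def valid_password?(candidate)
    secure_equal(derive(candidate, @salt), @hash)
  end

  private

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time comparison so the hash check does not leak timing information.
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Vulnerable pattern (hypothetical): the handler trusts the session alone, so
# anyone holding a hijacked session can set a new password for the account.
def update_password_unverified(current_user, params)
  return :invalid unless params[:password].to_s == params[:password_confirmation].to_s
  current_user.set_password(params[:password].to_s)
  :changed
end

# Hardened pattern (hypothetical): re-authenticate with the current password
# before accepting the change, so a stolen session is not enough on its own.
def update_password_verified(current_user, params)
  return :forbidden unless current_user.valid_password?(params[:current_password].to_s)
  return :invalid unless params[:password].to_s == params[:password_confirmation].to_s
  current_user.set_password(params[:password].to_s)
  :changed
end

if __FILE__ == $PROGRAM_NAME
  # Constructed scenario: the attacker holds only the victim's session, not the password.
  victim = User.new('alice', 'correct horse battery staple')
  hijacked_request = { password: 'pwned', password_confirmation: 'pwned' }
  puts "unverified handler: #{update_password_unverified(victim, hijacked_request)}"
  victim2 = User.new('bob', 'correct horse battery staple')
  puts "verified handler:   #{update_password_verified(victim2, hijacked_request)}"
end
```

The second handler is the control the advisory implies: the session proves who is logged in, but a password change is a sensitive operation that should demand re-authentication, and the bump of session_generation is what lets the application log out every other session once the password has changed.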