{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T09:48:22.146","vulnerabilities":[{"cve":{"id":"CVE-2017-0920","sourceIdentifier":"support@hackerone.com","published":"2018-03-22T15:29:00.217","lastModified":"2024-11-21T03:03:54.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component, which allows an attacker to see every project name and its respective namespace on a GitLab instance."},{"lang":"es","value":"Las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de omisión de autorización en el componente Projects::MergeRequests::CreationsController. Esto resulta en que un atacante puede ver todos los nombres de proyecto y sus respectivos espacios de nombre en una instancia de 
GitLab."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartExcluding":"8.8.0","versionEndIncluding":"10.1.5","matchCriteriaId":"403C99AA-5E14-4ECB-AF6A-20DBE371998D"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"8.8.0","versionEndIncluding":"10.1.5","matchCriteriaId":"19E0A120-3CE9-43FE-AEB6-A93F70BDD776"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartExcluding":"10.2.0","versionEndIncluding":"10.2.5","matchCriteriaId":"DBE72BC6-155E-4E8C-A2DC-B9B4B6610F02"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*
:*","versionStartIncluding":"10.2.0","versionEndIncluding":"10.2.5","matchCriteriaId":"AA884C1E-9F66-41DA-9F23-1231086A75CA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartExcluding":"10.3.0","versionEndIncluding":"10.3.3","matchCriteriaId":"14A161A7-2715-447D-8E30-6D11500B3B8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.3.0","versionEndIncluding":"10.3.3","matchCriteriaId":"3CEEA359-A827-43C5-8489-FD49AE744CC4"}]}]}],"references":[{"url":"https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/301336","source":"support@hackerone.com","tags":["Permissions Required"]},{"url":"https://www.debian.org/security/2018/dsa-4206","source":"support@hackerone.com"},{"url":"https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/301336","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://www.debian.org/security/2018/dsa-4206","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}