{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-02T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11437", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/", "refsource": "CONFIRM", "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11437", "datePublished": "2017-08-02T19:00:00", "dateReserved": "2017-07-19T00:00:00", "dateUpdated": "2017-08-02T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F9A689B7-5338-4CD9-817B-6BC7CFBF777B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2A545241-72A5-478D-95DE-D16D81D059D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6214BCAC-88CB-4584-9263-4C363E09DF99", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B111C038-809E-433A-AEFB-DB08485D433F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5703243F-1311-43AF-A4D3-EE481AE6AF89", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "97D2593C-82F8-4FDA-90E9-5F99FA5E618C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9F154A97-727E-4328-8DD4-5ADB5DFF9BBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7050F394-AA21-413C-B7AA-025C6867EA70", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "60F33D8A-D19A-489A-B7EF-F3B9BB21128C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A242BEA6-967C-4AD6-B1B5-6ACF07D7A8F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4EC5D7BC-D90E-4246-8875-D55E733A17D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7835A619-4618-4871-B593-0F852D017FD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.12:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2E83AF15-2F16-4C9C-8426-65B1521367FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.5.13:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5FDF0654-A1D5-484C-81FB-C8190358D149", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C6026502-F953-4DD6-9045-C261DCF1A8C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "16CF71BA-270C-44BA-9901-E340E52A9433", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "66C84616-682F-48B7-BF50-B1720620A220", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "42B65A36-4287-4D67-862F-D3F64FA7EA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "361FDAC0-9A78-485E-A761-80594B610E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E2AFB344-CFB4-43CB-83DF-56E7C152E824", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6E132515-1E9D-4ECC-9BEB-A7BD469C7C54", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4C90D1E1-F070-4334-9D24-5FDF0D94375D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "41E3D5D9-7E0C-46CD-B0E9-BC047D5999F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.6.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "255E7E71-B6A0-4BC1-A0CC-3D96EC9EC5E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F6274FC1-B2DE-4DBE-8771-C1BEC9064707", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0F974D2B-B850-4551-A239-2282CB6F4726", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7CAAD899-AEFB-47B5-A002-F62931DE2555", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ACE69267-26A8-4079-8611-5391D8591A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E81D3A01-5108-4135-86C3-511CF6BA2DC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FC8A3B06-7F24-4A10-932D-B04C04D79AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "98A064EA-02A1-438B-8F5E-600B65B3EE76", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6E99B95-7887-409E-B661-19BDC4B397E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "686E5B3F-A633-42AF-822C-DEA1063373D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.7.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "47D46996-0BD0-4430-BA1F-681D6C3A063E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "91644919-EA2F-45F5-99A4-56C3E2CAFE77", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "30B7F5DD-874F-4384-97FB-7BFF550FFF8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9D67A403-F067-406B-9750-6BFC060564F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "197423E1-4AC1-4D26-8699-5DF8F5EE3F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A93559F4-90A2-40EF-9D69-0D55D3C47CFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BA2868FF-5ACD-44F9-9A57-7EF63C7E640E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AD687ECD-BF49-45D6-A35C-AC4E24FB9A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "03DF09B5-D8D6-4467-98FA-DFF6D2B55033", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3E8092F0-9AE5-4CF3-B7E3-414F726F2F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.8.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B0B38D4A-6E17-4BE0-9A16-D8A181B4F530", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "714A27C4-DA0F-40F0-882E-E818EA943EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "413D4C46-571E-4F4C-BA82-C5005F607E87", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EBC8BEA5-B157-4058-A60E-55AA9B73B601", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "419AE443-4512-40F7-82FF-C7EC56D67B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "99743846-474B-436E-8EB1-1CB9F31CF4FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3476E93B-274E-404F-9E34-0C10C21565E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A8C88B77-533B-4552-99E1-DD25EC198AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A201ABFD-4A87-47A1-8320-9F982B84BEFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F3502F66-C892-41FE-B26C-76E75721D6C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.9.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B9AABA2E-550F-4C23-8CF2-3EF3F7379FED", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "331EE96A-1BE0-474D-86D1-1DB43C74277E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B15DB780-A850-41FE-AD9F-6C346B4989C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F4FC046D-7A57-4892-BF69-0E79424F512B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2A462CD5-92E9-4C32-B04D-E7B25317F27C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "269B515B-277B-4807-9159-9DF65D3C0D5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ADF1DAF8-2A35-4775-92F5-A1F8E57FE326", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F1CF3A4A-722D-4F0B-815D-DF7D779F45AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "38C019DC-04A4-446B-AF57-0D7DA6BBFD3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D6B66E5D-E2BA-4C5B-BBB3-5D813EC70C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C79BCFD6-1A37-4148-9770-B2109BC553DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "71F68373-D0FD-4AD0-B382-A0D09EE36485", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "49ACBD20-69FE-48F8-B972-95A10430DE2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.12:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2B736A41-4879-49EF-88DE-2E8872E54731", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.10.13:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C38A9845-4307-463A-BE55-72263468A0F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "AB6C28DB-00B5-4DAC-BB5E-5141FCCA7779", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "09D275A5-FA0A-468A-A490-6D40C2016266", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CB22081E-45A1-4599-B0FF-5CD0C4191832", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F06FC003-C7E7-4666-AD9A-ED90A42EF582", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F607CA2B-1D61-4C15-BA54-9B382CB1B5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F44BE0E2-97EB-4BE7-8A84-6EDE25649C49", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5B0E74E3-C58D-4D89-BFCA-722366B49255", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EA760556-96D0-4F69-BC72-6D72CF599AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D56AC6D5-A08C-4543-97F4-23D77F3DF1DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C53175BE-0F48-4357-B950-75E4C92C1E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EA8C529E-A755-4DA7-B5FA-CECA7D77BFA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.11.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "13B92102-2233-43D9-B7D6-7B917ACBC513", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "48B34C3C-03AB-4459-ABCA-480C07B1B5DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "09BB2940-8CF8-4ADA-B734-99A8035BA7D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6ED2E761-8424-47ED-9ECC-9EEE0F06E693", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "24B2DF94-D1BC-4F94-8AAF-DF4CDBDAE5D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6569CE8E-0C8B-4A2D-91A0-A99354E72A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7D5853E3-1CA4-4731-A2C3-DE5350FBE685", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "25B7D422-BEDA-427D-9BE7-04C851D1E20A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "24D15B0E-D6DB-4A01-B996-026A3FAA2B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "074F2E17-E065-4700-8A6C-60A0555D9CFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4E18FD1C-DEC2-4C95-87BC-E5D4B7CCA2FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8F3D07EF-1030-4B4E-AEAF-FDC6C9EC1152", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1053EFC9-1E3F-47D5-B0C1-D3752F89F5A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.12.12:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D3FA1A2B-4EF8-40BF-BF3D-A381AFD3AED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BF27DE16-6B02-4B8C-8171-644F96B91EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "309BE602-C30A-453B-B53E-87559A4A65C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0D1AEB22-B278-40B8-959B-59DF4CCE1756", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6E6C2412-07E9-494C-8374-D23244896593", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8754F4EA-AA92-4308-BCE1-F6214A502368", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "46015599-12C0-4DFA-BBF9-2252446C899A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "38D6EBF6-43D0-4D5E-A21D-29D775593236", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E36DA897-3A68-454F-90B8-B83E6D28AC73", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9BBB030E-9065-46C5-B53D-1652BE5F8592", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "95A34884-89DE-4BB1-9E83-34FA67111E6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CDD3228C-F3BE-4C85-90FE-4D29F40CABCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.13.11:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E390DA6B-EC51-4534-A375-F8E30B365409", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "234CD36B-CEAC-4C89-A515-22D088589024", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A044ACCF-7534-4A81-9F66-7235CA4B74C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6265E089-155E-474C-B020-85C75EE500E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "62B5B510-E6BE-414A-BAE3-91DBDF571682", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EAA4671D-EF34-4325-A992-7C81D5BAADD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C0CE42B2-B475-4D8C-B8AE-BC32BAF6234E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C93D5B03-B1D0-4F94-BDF5-4AE508A0BF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9627D6F1-4EE6-41A5-9C36-295A3E838D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1B594D99-2948-4A7A-9D0B-F4F62746E6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.14.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "507368E5-8FEB-4981-A228-047F081288FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4FE20CBB-70B6-45B9-A477-1E4B50DAB672", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A1C4F42E-C2A5-445B-9B82-08CD28A624C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB98703B-DC7E-4BFA-B11C-23A813FF8F4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FE10D715-8C4B-4915-A063-0E68F12261F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "94AF72BC-2F35-4FBA-98AA-37DBC4450B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7D1FD095-2ECE-4708-A8A0-08713D664881", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D4102D04-E8F9-412C-A07A-FC70FD7CCBFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.15.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A8C257F5-BA6B-4D97-A810-D8892A65347F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FF573E1E-3635-45BD-BD3A-14833BE25037", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "44E4EFCF-390A-443F-9D8B-9778474280B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "19905721-3BA5-4C6C-A706-A814C6C03F5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1C65DD44-8746-4E32-9A71-8E3358577331", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ED7EC2EB-4DFA-48BF-BA20-F405C6BED3B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DA6E2911-A293-430D-B8FB-D531074802A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5C6A6C84-71D0-42C1-A54E-01319FFFA9BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9FC9C9FB-DD73-4482-A95C-F9BE5738466E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "37AE396B-8674-4693-BA62-A4CC4D425EB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.16.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "437E47B2-BAC5-429A-A16E-730A08F3072B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "232319FB-619D-45FD-A091-ECE7937B38C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EBC485DB-B02E-44E5-8FD9-BEBB859FFC32", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "31BC0B13-B59C-41B8-907A-9DFBEC54D3B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "BEB69ACB-D9A8-49EF-B9A2-30D3FAAB2684", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "307769BA-3940-49A0-B428-381DB21048E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B1A330EC-953E-4947-BF3F-59981437478B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:8.17.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D9C5763-05A2-4334-AD8D-7F0355D1A712", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2FD7115D-5389-41E0-A434-E309C589904E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "56A91763-FD44-400E-A44B-CFF30BED8BD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "39CF4E50-959C-4CCD-BA3B-C08801938FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D4167398-A7FF-4F0A-8BB3-2A61095EADD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2FB25D27-2086-4B5D-98E4-6D5DE385CEE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EB58A6B5-2444-4F0C-8D76-23286A148FD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "863D2334-4FC6-43C7-BC79-34FFB932C9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "0542A00D-9B9F-4F31-A71D-C0036868A6BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "69DEB9B7-A622-4F02-87C0-D8C073FBC433", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "1B383F93-5B84-4959-8BF9-5EF589FE3861", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.0.10:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CFCA88A2-52A6-46C0-8D04-6D66A25ECC98", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F0E33B7B-74F6-4180-83DD-B3103FA69973", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5B456316-8D07-4FC4-8371-F1FAA6DA66CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6BD46FF-C9D8-4420-BEF2-55E7865A7408", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F2894748-99BB-4105-BF7E-9EBF3A96C591", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "48F0243B-5E32-4958-907F-28F687BCFEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B8A8A421-89D4-4D88-AC5E-A4675B57281D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9F674ABE-8BD6-45DD-9604-3789D7143ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.1.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7E8D058B-CA9A-4DB0-BA37-B4A8F82B80CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77E257DF-7EF6-4F94-A901-70D14B230AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5150656E-DF20-4930-9D8F-F35371E25F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ED08A352-986E-4B87-A2B3-FD42C99DEBE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F78723C9-5DCC-49D8-A81C-2ABEFF93DCF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FA0BE35C-0CE7-49C3-882B-9E8751CF780E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "78F36A2D-0BAF-461B-9C45-28F5E5919FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A1ED26D9-9138-40E7-8040-7758A3C55DC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.2.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D8BA8D86-FEB3-4EF6-AD02-AC7EB724A8B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3978E438-C566-4D20-8A61-35BE3DD53216", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E1B7646D-8AA1-4C71-A200-1F4AF69C15F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8706044B-BC22-4808-8C91-F212A9597CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.3:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6813D127-BD01-47C3-B2C2-28C48D15E662", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F7E8D785-1D9F-4DCE-BDDB-3F43A3D1A121", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "D039DB11-A182-43C7-9D1C-CADC03E4EEB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.6:*:*:*:enterprise:*:*:*", "matchCriteriaId": "706DC40E-D1A8-4124-A038-8F1AF94FDA32", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:9.3.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4CCEF509-13C2-4DD0-A578-FDA31EE9B152", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users."}, {"lang": "es", "value": "GitLab Enterprise Edition (EE) en sus versiones anteriores a la 8.17.7 y las versiones 9.0.11, 9.1.8, 9.2.8 y 9.3.8 permite que un usuario autenticado con la capacidad para crear un proyecto utilice la funci\u00f3n de replicaci\u00f3n para poder acceder a repositorios de otros usuarios."}], "id": "CVE-2017-11437", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-02T19:29:00.803", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}