{"id":"CVE-2017-0882","details":"Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.","modified":"2026-04-10T03:54:31.823175Z","published":"2017-03-28T02:59:01.497Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97157"},{"type":"ADVISORY","url":"https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/"},{"type":"FIX","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1"},{"type":"FIX","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b"},{"type":"FIX","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/cdf396f456472ef8decd9598daa8dc0097cd30c5"},{"type":"EVIDENCE","url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/29661"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"0"},{"last_affected":"07140614ca47a39ac24c725298dd8ab9e9b6033f"},{"introduced":"0"},{"last_affected":"bd5b485cc9ca492d7b8c928c3f502a0bd323d048"},{"introduced":"0"},{"last_affected":"c35f8be08ccbef2ff19c0e83b2bd698d834e8666"},{"introduced":"0"},{"last_affected":"68302f5dea6d2f0cda399fbbbff15db11c6f09d0"},{"introduced":"0"},{"last_affected":"1dc869e57e85459627299d099e3ff78df1379edd"},{"introduced":"0"},{"last_affected":"c855d627a698a62ab90559d61eef1bcbd16cc91f"},{"introduced":"0"},{"last_affected":"a810cc509e54b71aff30dfb9ba52ea4aea587c32"},{"introduced":"0"},{"last_affected":"08e1b9c6cb50fa9d8ca66e413aad257e966af8a8"},{"introduced":"0"},{"last_affected":"9697eb62cf12f4f99c148a0fb2a0e5226533b452"},{"introduced":"0"},{"last_affected":"5b5777b8cf3328d27ef549c31f70993da1d1b267"},{"introduced":"0"},{"last_affected":"60b623a4069189858210b4dfad96d46509bcd311"},{"introduced":"0"},{"last_affected":"4af5da20c87c219c95174d9cf556039095ccfda5"},{"introduced":"0"},{"last_affected":"6aacc380f5896faccc8efb4873fca02b5c017ea6"},{"introduced":"0"},{"last_affected":"f5b0299028c8250cef1ae1b66e088a577b9aa526"},{"introduced":"0"},{"last_affected":"a9f30add6e0755ce3f3603710deb7ad6b836b8c5"},{"introduced":"0"},{"last_affected":"14ad7803a5cf70e2777ac4d9ce2e33da6eb312ab"},{"introduced":"0"},{"last_affected":"1a8944dc43fe3a07fe9b3094b3f1259d8aacebdd"},{"introduced":"0"},{"last_affected":"7beac4618584248b7a7c321f20bc4b7acd856c4d"},{"introduced":"0"},{"last_affected":"666051c947d1c7797c8d06e91abe559e88842350"},{"introduced":"0"},{"last_affected":"30bca2969c2a62ab6c64b9e64e960ec7fa11415c"},{"introduced":"0"},{"last_affected":"4071be4ff453bc317ba65d5f4a50cab7d50869db"},{"introduced":"0"},{"last_affected":"6411c7800a122d625befdb6c709ea3f3e1a84060"},{"introduced":"0"},{"last_affected":"6ece4f9aa9a4a562a84b7655e792b4a9e21d4a53"},{"introduced":"0"},{"last_affected":"12dd0f62012c6df8bd67abc2d9c5c54bd82366f7"},{"introduced":"0"},{"last_affected":"77d8a0a9f7ee8ca8005de01b41f3512fef2ff862"},{"introduced":"0"},{"last_affected":"b99caef8161463ac469e6c8cd02e24073bd3118d"},{"introduced":"0"},{"last_affected":"346e677ef9db2a27c3ee69d420563ecc564e5afe"},{"introduced":"0"},{"last_affected":"40515169fc2dea0e68cab27e97389e803013b305"},{"introduced":"0"},{"last_affected":"20fb21a7be5415fd0fcdfdba48c69e16608cc1d4"},{"introduced":"0"},{"last_affected":"294482f38388542b43b908dcb427759544a7486f"},{"introduced":"0"},{"last_affected":"507ff239d58e634e56b8012d965374702e938f60"},{"introduced":"0"},{"last_affected":"966f6c7f5e501b6ff1af675b28bfa1d4a9d4e4d5"},{"introduced":"0"},{"last_affected":"4ae57e0b374bbb8e461305d8a7a68b550bdd768d"},{"introduced":"0"},{"last_affected":"ec3e70625ca648a7ba2aa11a5edbf712bbddd1e3"},{"introduced":"0"},{"last_affected":"b4c40a51ff743f788443bd431d76f6a765797216"},{"introduced":"0"},{"last_affected":"8282833d84c2b7840fbe7db3a883f0f9f9507a18"},{"introduced":"0"},{"last_affected":"8c04d014d5b165b5ad397c455098e81986a8b1d7"},{"introduced":"0"},{"last_affected":"1ce744faef58fdde287eff455b1904022b00699d"},{"introduced":"0"},{"last_affected":"82946bc2788f812275b64b49491342ec43cfc09a"},{"introduced":"0"},{"last_affected":"c1710afbd437c557741ff4c7fa185c6ffb89bf1b"},{"introduced":"0"},{"last_affected":"3e62eeed9a33f4885c53dbb73715f3b3ebda9434"},{"introduced":"0"},{"last_affected":"aa958616f4996672ef494e6a5222726093d17d87"},{"introduced":"0"},{"last_affected":"fe6cf5a54771739af7f10aa15c33d42b1a1ddbd7"},{"introduced":"0"},{"last_affected":"e33b0cbd0dfb10617a37ec5ce054fadb82c8631b"},{"introduced":"0"},{"last_affected":"f431be49b6940b3079b30cd65de56f03b4328e2e"},{"introduced":"0"},{"last_affected":"1f58e6946c465c1fed48773bf2596171b9853aa2"},{"introduced":"0"},{"last_affected":"267058335290399ee344fbd4ec8aa7ad2d8b40d3"},{"introduced":"0"},{"last_affected":"47550d092f0a6cbedc58752d1a220fe519b8ea01"},{"introduced":"0"},{"last_affected":"060f824bd7be41ffc05af04def53f20e3a870ca7"},{"introduced":"0"},{"last_affected":"a019470b8a6d2fa82a5eec3200663eca87c96baa"},{"introduced":"0"},{"last_affected":"bc4639359cf2880d6ee614a01e6b8049293d4366"},{"introduced":"0"},{"last_affected":"93daa28c0cff0fa8a523d29a9e1ea887cbe021d8"},{"introduced":"0"},{"last_affected":"d869576238a751301f93d208b51b85b62f210246"},{"introduced":"0"},{"last_affected":"e710a190fc51ec38c87941efbed9db00c08b31e7"},{"introduced":"0"},{"last_affected":"c0b08f6bb5c418c6ac0f1b112ffde6f4120170b5"},{"introduced":"0"},{"last_affected":"084ac867773ff2bc8be9a196b356fa7116c66a75"},{"introduced":"0"},{"last_affected":"a8749c09725d1fc78079b7fc8a89d6361f8f964c"},{"introduced":"0"},{"last_affected":"474978de8fb3bb8f7f0edcde5b24dcba277f407a"},{"introduced":"0"},{"last_affected":"33f4b583cd25831cf10d6587c568bf6c99732476"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.2.0"},{"introduced":"0"},{"last_affected":"8.2.1"},{"introduced":"0"},{"last_affected":"8.2.2"},{"introduced":"0"},{"last_affected":"8.2.3"},{"introduced":"0"},{"last_affected":"8.2.4"},{"introduced":"0"},{"last_affected":"8.2.5"},{"introduced":"0"},{"last_affected":"8.3.0"},{"introduced":"0"},{"last_affected":"8.3.8"},{"introduced":"0"},{"last_affected":"8.3.9"},{"introduced":"0"},{"last_affected":"8.4.0"},{"introduced":"0"},{"last_affected":"8.4.9"},{"introduced":"0"},{"last_affected":"8.4.10"},{"introduced":"0"},{"last_affected":"8.5.0"},{"introduced":"0"},{"last_affected":"8.5.11"},{"introduced":"0"},{"last_affected":"8.5.12"},{"introduced":"0"},{"last_affected":"8.6.0"},{"introduced":"0"},{"last_affected":"8.6.7"},{"introduced":"0"},{"last_affected":"8.6.8"},{"introduced":"0"},{"last_affected":"8.7.0"},{"introduced":"0"},{"last_affected":"8.7.1"},{"introduced":"0"},{"last_affected":"8.10.0"},{"introduced":"0"},{"last_affected":"8.10.12"},{"introduced":"0"},{"last_affected":"8.10.13"},{"introduced":"0"},{"last_affected":"8.11.0"},{"introduced":"0"},{"last_affected":"8.11.9"},{"introduced":"0"},{"last_affected":"8.11.10"},{"introduced":"0"},{"last_affected":"8.12.0"},{"introduced":"0"},{"last_affected":"8.12.7"},{"introduced":"0"},{"last_affected":"8.12.8"},{"introduced":"0"},{"last_affected":"8.13.0"},{"introduced":"0"},{"last_affected":"8.13.2"},{"introduced":"0"},{"last_affected":"8.13.3"},{"introduced":"0"},{"last_affected":"8.14.0"},{"introduced":"0"},{"last_affected":"8.14.1"},{"introduced":"0"},{"last_affected":"8.14.2"},{"introduced":"0"},{"last_affected":"8.14.3"},{"introduced":"0"},{"last_affected":"8.14.4"},{"introduced":"0"},{"last_affected":"8.14.5"},{"introduced":"0"},{"last_affected":"8.14.6"},{"introduced":"0"},{"last_affected":"8.15.0"},{"introduced":"0"},{"last_affected":"8.15.1"},{"introduced":"0"},{"last_affected":"8.15.2"},{"introduced":"0"},{"last_affected":"8.15.3"},{"introduced":"0"},{"last_affected":"8.15.4"},{"introduced":"0"},{"last_affected":"8.15.5"},{"introduced":"0"},{"last_affected":"8.15.6"},{"introduced":"0"},{"last_affected":"8.15.7"},{"introduced":"0"},{"last_affected":"8.16.0"},{"introduced":"0"},{"last_affected":"8.16.1"},{"introduced":"0"},{"last_affected":"8.16.2"},{"introduced":"0"},{"last_affected":"8.16.3"},{"introduced":"0"},{"last_affected":"8.16.4"},{"introduced":"0"},{"last_affected":"8.16.5"},{"introduced":"0"},{"last_affected":"8.16.6"},{"introduced":"0"},{"last_affected":"8.16.7"},{"introduced":"0"},{"last_affected":"8.17.0"},{"introduced":"0"},{"last_affected":"8.17.1"},{"introduced":"0"},{"last_affected":"8.17.2"},{"introduced":"0"},{"last_affected":"8.17.3"}]}}],"versions":["v1.2.0","v1.2.0pre","v1.2.1","v1.2.2","v2.3.0","v2.3.0pre","v2.3.1","v2.4.0","v2.4.0pre","v2.4.1","v2.5.0","v2.6.0","v2.6.0pre","v2.6.1","v2.6.2","v2.6.3","v2.7.0","v2.7.0pre","v2.8.0","v2.8.0pre","v2.8.1","v2.8.2","v2.9.0","v2.9.1","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.1.0","v4.0.0","v4.0.0rc1","v4.0.0rc2","v5.0.0","v5.1.0","v5.2.0","v5.3.0","v6.0.0","v6.0.0-ee","v6.0.0-ee.beta","v6.0.0-ee.rc1","v6.1.0-ee","v6.2.0","v6.3.0","v6.3.0-ee","v6.3.1-ee","v6.4.0","v6.4.0-ee","v6.4.0.pre1","v6.4.0.pre2","v6.4.0.pre3","v6.5.0","v6.5.0-ee","v6.5.0.rc1","v6.6.0","v6.6.0-ee","v6.6.0.pre1","v6.6.0.rc1","v6.7.0-ee","v6.7.0.rc1","v6.7.0.rc1-ee","v6.8.0-ee","v7.0.0","v7.0.0-ee","v7.0.0.rc1","v7.1.0","v7.1.0-ee","v7.1.0.rc1","v7.1.0.rc1-ee","v7.2.0.rc1","v7.2.0.rc1-ee","v7.2.0.rc2","v7.2.0.rc2-ee","v7.2.0.rc3","v7.2.0.rc3-ee","v7.2.0.rc4","v7.2.0.rc4-ee","v7.2.0.rc5","v7.2.0.rc5-ee","v7.3.0","v7.3.0-ee","v7.3.0.rc1","v7.3.0.rc1-ee","v8.10.0-ee","v8.10.0-rc1-ee","v8.10.0-rc10-ee","v8.10.0-rc11-ee","v8.10.0-rc12-ee","v8.10.0-rc13-ee","v8.10.0-rc2-ee","v8.10.0-rc3-ee","v8.10.0-rc4-ee","v8.10.0-rc5-ee","v8.10.0-rc6-ee","v8.10.0-rc7-ee","v8.10.0-rc8-ee","v8.10.0-rc9-ee","v8.10.0.pre","v8.10.1-ee","v8.10.10-ee","v8.10.11-ee","v8.10.12-ee","v8.10.13-ee","v8.10.2-ee","v8.10.3-ee","v8.10.4-ee","v8.10.5-ee","v8.10.6-ee","v8.10.7-ee","v8.10.8-ee","v8.10.9-ee","v8.11.0","v8.11.0-ee","v8.11.0-rc1","v8.11.0-rc1-ee","v8.11.0-rc2","v8.11.0-rc2-ee","v8.11.0-rc3","v8.11.0-rc3-ee","v8.11.0-rc4","v8.11.0-rc4-ee","v8.11.0-rc5","v8.11.0-rc5-ee","v8.11.0-rc6","v8.11.0-rc6-ee","v8.11.0-rc7","v8.11.0-rc7-ee","v8.11.0.pre","v8.11.1-ee","v8.11.10-ee","v8.11.2-ee","v8.11.3-ee","v8.11.4-ee","v8.11.5-ee","v8.11.6-ee","v8.11.7-ee","v8.11.8-ee","v8.11.9-ee","v8.12.0-ee","v8.12.0-rc1-ee","v8.12.0-rc2-ee","v8.12.0-rc3-ee","v8.12.0-rc4-ee","v8.12.0-rc5-ee","v8.12.0-rc6-ee","v8.12.0-rc7-ee","v8.12.0.pre","v8.12.1-ee","v8.12.2-ee","v8.12.3-ee","v8.12.5-ee","v8.12.6-ee","v8.12.7-ee","v8.12.8-ee","v8.13.0-ee","v8.13.0-rc1-ee","v8.13.0-rc2-ee","v8.13.0-rc3-ee","v8.13.0-rc4-ee","v8.13.0-rc5-ee","v8.13.0-rc6-ee","v8.13.0-rc7-ee","v8.13.0.pre","v8.13.1-ee","v8.13.2-ee","v8.13.3-ee","v8.14.0-ee","v8.14.0-rc1-ee","v8.14.0-rc2-ee","v8.14.0-rc4-ee","v8.14.0-rc5-ee","v8.14.0.pre","v8.14.1-ee","v8.14.2-ee","v8.14.3-ee","v8.14.4-ee","v8.14.5-ee","v8.14.6-ee","v8.15.0-ee","v8.15.0-rc1-ee","v8.15.0-rc2-ee","v8.15.0-rc3-ee","v8.15.0-rc4-ee","v8.15.0-rc6-ee","v8.15.0.pre","v8.15.1-ee","v8.15.2-ee","v8.15.3-ee","v8.15.4-ee","v8.15.5-ee","v8.15.6-ee","v8.15.7-ee","v8.16.0-ee","v8.16.0-rc1-ee","v8.16.0-rc2-ee","v8.16.0-rc3-ee","v8.16.0-rc4-ee","v8.16.0-rc5-ee","v8.16.0-rc6-ee","v8.16.0.pre","v8.16.1-ee","v8.16.2-ee","v8.16.3-ee","v8.16.4-ee","v8.16.5-ee","v8.16.6-ee","v8.16.7-ee","v8.17.0-ee","v8.17.0-rc1-ee","v8.17.0-rc2-ee","v8.17.0-rc3-ee","v8.17.0-rc4-ee","v8.17.0-rc5-ee","v8.17.0.pre","v8.17.1-ee","v8.17.2-ee","v8.17.3-ee","v8.2.0-ee","v8.2.0.rc1-ee","v8.2.0.rc2-ee","v8.2.1-ee","v8.2.2-ee","v8.2.3-ee","v8.2.4-ee","v8.2.5-ee","v8.3.0-ee","v8.3.0.rc1-ee","v8.3.0.rc2-ee","v8.3.0.rc3-ee","v8.3.1-ee","v8.3.2-ee","v8.3.3-ee","v8.3.4-ee","v8.3.5-ee","v8.3.6-ee","v8.3.7-ee","v8.3.8-ee","v8.3.9-ee","v8.4.0-ee","v8.4.0-rc2-ee","v8.4.0-rc3-ee","v8.4.0.rc1-ee","v8.4.1-ee","v8.4.10-ee","v8.4.2-ee","v8.4.3-ee","v8.4.4-ee","v8.4.5-ee","v8.4.6-ee","v8.4.7-ee","v8.4.8-ee","v8.4.9-ee","v8.5.0-ee","v8.5.0-rc1-ee","v8.5.0-rc2-ee","v8.5.0-rc3-ee","v8.5.0-rc4-ee","v8.5.1-ee","v8.5.10-ee","v8.5.11-ee","v8.5.12-ee","v8.5.2-ee","v8.5.3-ee","v8.5.4-ee","v8.5.5-ee","v8.5.5-rc1-ee","v8.5.6-ee","v8.5.7-ee","v8.5.8-ee","v8.5.9-ee","v8.6.0-ee","v8.6.0-rc1-ee","v8.6.0-rc2-ee","v8.6.0-rc3-ee","v8.6.0-rc4-ee","v8.6.0-rc5-ee","v8.6.1-ee","v8.6.2-ee","v8.6.3-ee","v8.6.4-ee","v8.6.5-ee","v8.6.6-ee","v8.6.7-ee","v8.6.8-ee","v8.7.0-ee","v8.7.0-rc4-ee","v8.7.0-rc5-ee","v8.7.0-rc6-ee","v8.7.0-rc7-ee","v8.7.1-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0882.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}