{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"GitLab CE et EE versions 10.4.x ant\u00e9rieures \u00e0 10.4.6","product":{"name":"N/A","vendor":{"name":"GitLab","scada":false}}},{"description":"GitLab CE et EE versions 10.3.x ant\u00e9rieures \u00e0 10.3.9","product":{"name":"N/A","vendor":{"name":"GitLab","scada":false}}},{"description":"GitLab Community Edition (CE) et Enterprise Edition (EE) versions 10.5.x ant\u00e9rieures \u00e0 10.5.6","product":{"name":"N/A","vendor":{"name":"GitLab","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-0924","url":"https://www.cve.org/CVERecord?id=CVE-2017-0924"},{"name":"CVE-2017-0915","url":"https://www.cve.org/CVERecord?id=CVE-2017-0915"},{"name":"CVE-2017-0922","url":"https://www.cve.org/CVERecord?id=CVE-2017-0922"},{"name":"CVE-2017-0920","url":"https://www.cve.org/CVERecord?id=CVE-2017-0920"},{"name":"CVE-2017-0925","url":"https://www.cve.org/CVERecord?id=CVE-2017-0925"},{"name":"CVE-2017-0927","url":"https://www.cve.org/CVERecord?id=CVE-2017-0927"},{"name":"CVE-2017-0916","url":"https://www.cve.org/CVERecord?id=CVE-2017-0916"},{"name":"CVE-2018-8801","url":"https://www.cve.org/CVERecord?id=CVE-2018-8801"},{"name":"CVE-2017-0918","url":"https://www.cve.org/CVERecord?id=CVE-2017-0918"},{"name":"CVE-2017-0926","url":"https://www.cve.org/CVERecord?id=CVE-2017-0926"},{"name":"CVE-2017-0923","url":"https://www.cve.org/CVERecord?id=CVE-2017-0923"},{"name":"CVE-2018-3710","url":"https://www.cve.org/CVERecord?id=CVE-2018-3710"},{"name":"CVE-2017-0917","url":"https://www.cve.org/CVERecord?id=CVE-2017-0917"},{"name":"CVE-2017-0914","url":"https://www.cve.org/CVERecord?id=CVE-2017-0914"}],"links":[],"reference":"CERTFR-2018-AVI-142","revisions":[{"description":"Version initiale","revision_date":"2018-03-22T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab . Certaines\nd'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans GitLab","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 GitLab du 20 mars 2018","url":"https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 GitLab du 16 janvier 2018","url":"https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/"}]}