cvedb.io
CVE-2017-17716
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2017-12-17T17:29:00.227 · Last modified 2026-06-17T01:11:32.020

Summary

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.

Affected products

gitlab — gitlab

Does this affect you?

Add your gear to cvedb and we'll alert you only when gitlab ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.