CVE-2017-7662: Cross-Site Request Forgery (CSRF)

May 16, 2017 (updated July 8, 2017)

A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

References

cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
nvd.nist.gov/vuln/detail/CVE-2017-7662

Detect and mitigate CVE-2017-7662 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →