The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
CVSS v3.0 score: 8.8 / 10.0 (HIGH)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 23 Jan 2017
- Updated: 20 Apr 2025
- Status: Deferred
- Source: cve@mitre.org
Affected products
gitlab gitlab
Versions: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4
Weaknesses (CWE)
CWE-264
References
- http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/ (Mitigation, Patch, Vendor Advisory)
- https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 (Issue Tracking, Patch, Vendor Advisory)
- https://www.exploit-db.com/exploits/40236/ (Exploit, Third Party Advisory, VDB Entry)