The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
CVSS v3.0 Score: 8.8 / 10.0 (HIGH)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Information
- Published: 23 Jan. 2017
- Updated: 20 Apr. 2025
- Status: Deferred
- Source: cve@mitre.org
Affected products
gitlab gitlab
Versions: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4
Weaknesses (CWE)
CWE-264
References
- http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/ (Mitigation, Patch, Vendor Advisory)
- https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 (Issue Tracking, Patch, Vendor Advisory)
- https://www.exploit-db.com/exploits/40236/ (Exploit, Third Party Advisory, VDB Entry)