The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry |
https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/ | Mitigation, Patch, Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 | Issue Tracking, Vendor Advisory, Patch |
https://www.exploit-db.com/exploits/40236/ | Exploit, Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-23T21:00:00
Updated: 2017-01-23T19:57:01
Reserved: 2016-04-27T00:00:00
Link: CVE-2016-4340
NVD Information
Status: Analyzed
Published: 2017-01-23T21:59:01.487
Modified: 2017-01-25T13:59:01.463
Link: CVE-2016-4340
Redhat Information
No data.
CWE