Описание
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8540
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
- http://www.openwall.com/lists/oss-security/2014/10/31/2
- http://www.securityfocus.com/bid/70841
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVSS3: 6.5
debian
почти 8 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...