Описание
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8540
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
- http://www.openwall.com/lists/oss-security/2014/10/31/2
- http://www.securityfocus.com/bid/70841
Связанные уязвимости
CVSS3: 6.5
nvd
больше 7 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVSS3: 6.5
debian
больше 7 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...