Описание
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8540
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
- http://www.openwall.com/lists/oss-security/2014/10/31/2
- http://www.securityfocus.com/bid/70841
Связанные уязвимости
CVSS3: 6.5
nvd
около 8 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVSS3: 6.5
debian
около 8 лет назад
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...