CVE-2014-8540

Опубликовано: 05 янв. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

Ссылки

http://www.openwall.com/lists/oss-security/2014/10/31/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/70841
Third Party Advisory
VDB Entry
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
Third Party Advisory
VDB Entry
https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
Patch
http://www.openwall.com/lists/oss-security/2014/10/31/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/70841
Third Party Advisory
VDB Entry
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
Third Party Advisory
VDB Entry
https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.9.2 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.4.3 (исключая)

EPSS

Процентиль: 54%

0.0032

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-8540

CVSS3: 6.5

debian

больше 7 лет назад

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...

GHSA-f2h5-25cx-h2f5

CVSS3: 6.5

github

около 3 лет назад

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

EPSS

Процентиль: 54%

0.0032

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264