CVE-2016-4340

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

Ссылки

http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
Mitigation
Patch
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/15548
Issue Tracking
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/40236/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
Mitigation
Patch
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/15548
Issue Tracking
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/40236/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.2.4:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.0:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.1:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.2:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.3:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.4:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.5:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.6:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.7:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.3.8:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.0:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.1:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.2:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.3:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.4:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.5:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.6:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.7:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.8:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.4.9:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.5:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.6:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.7:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.8:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.9:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.10:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.5.11:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.0:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.1:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.2:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.3:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.4:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.5:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.6:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.6.7:*:*:*:*:*:*:*

cpe:2.3:a:gitlab:gitlab:8.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02474

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-4340

CVSS3: 8.8

ubuntu

почти 9 лет назад

CVE-2016-4340

CVSS3: 8.8

debian

почти 9 лет назад

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 th ...

GHSA-rxh8-jh3g-ccqq

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 85%

0.02474

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264