PT-2017-8482 · Gitlab · Gitlab
Kaimi
·
Publicado
2017-01-23
·
Atualizado
2017-01-25
·
CVE-2016-4340
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gitlab versions 8.2.0 through 8.2.4
Gitlab versions 8.3.0 through 8.3.8
Gitlab versions 8.4.0 through 8.4.9
Gitlab versions 8.5.0 through 8.5.11
Gitlab versions 8.6.0 through 8.6.7
Gitlab version 8.7.0
Description
The impersonate feature in Gitlab allows remote authenticated users to log in as any other user via unspecified vectors.
Recommendations
For Gitlab versions 8.2.0 through 8.2.4, consider disabling the impersonate feature until a patch is available.
For Gitlab versions 8.3.0 through 8.3.8, consider disabling the impersonate feature until a patch is available.
For Gitlab versions 8.4.0 through 8.4.9, consider disabling the impersonate feature until a patch is available.
For Gitlab versions 8.5.0 through 8.5.11, consider disabling the impersonate feature until a patch is available.
For Gitlab versions 8.6.0 through 8.6.7, consider disabling the impersonate feature until a patch is available.
For Gitlab version 8.7.0, consider disabling the impersonate feature until a patch is available.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gitlab