PT-2017-8482 · Gitlab · Gitlab

Kaimi

Published

2017-01-23

Updated

2017-01-25

CVE-2016-4340

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gitlab versions 8.2.0 through 8.2.4 Gitlab versions 8.3.0 through 8.3.8 Gitlab versions 8.4.0 through 8.4.9 Gitlab versions 8.5.0 through 8.5.11 Gitlab versions 8.6.0 through 8.6.7 Gitlab version 8.7.0

Description The impersonate feature in Gitlab allows remote authenticated users to log in as any other user via unspecified vectors.

Recommendations For Gitlab versions 8.2.0 through 8.2.4, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.3.0 through 8.3.8, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.4.0 through 8.4.9, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.5.0 through 8.5.11, consider disabling the impersonate feature until a patch is available. For Gitlab versions 8.6.0 through 8.6.7, consider disabling the impersonate feature until a patch is available. For Gitlab version 8.7.0, consider disabling the impersonate feature until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-4340

Affected Products

Gitlab

PT-2017-8482 · Gitlab · Gitlab

CVE-2016-4340

Weakness Enumeration

Related Identifiers

Affected Products

References · 12