Vulnerability CVE-2016-4340


Published: 2017-01-23

Description:
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

See advisories in our WLB2 database:
Topic: GitLab Impersonate Privilege Escalation (Med.)
Author: Kaimi
Date: 17.08.2016

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Gitlab
Product: Gitlab 
Version:
8.7.0
8.6.7
8.6.6
8.6.5
8.6.4
8.6.3
8.6.2
8.6.1
8.6.0
8.5.9
8.5.8
8.5.7
8.5.6
8.5.5
8.5.4
8.5.3
8.5.2
8.5.11
8.5.10
8.5.1
8.5.0
8.4.9
8.4.8
8.4.7
8.4.6
8.4.5
8.4.4
8.4.3
8.4.2
8.4.1
8.4.0
8.3.8
8.3.7
8.3.6
8.3.5
8.3.4
8.3.3
8.3.2
8.3.1
8.3.0
8.2.4
8.2.3
8.2.2
8.2.1
8.2.0

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html
https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
https://gitlab.com/gitlab-org/gitlab-ce/issues/15548
https://www.exploit-db.com/exploits/40236/

Related CVE
CVE-2019-18459
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).
CVE-2019-18454
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.
CVE-2019-18446
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).
CVE-2019-18461
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
CVE-2019-18455
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.
CVE-2019-18447
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
CVE-2019-18462
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.
CVE-2019-18457
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions.

Copyright 2019, cxsecurity.com

 
