CVE-2014-8540

EUVD-2014-8377
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
gitlabgitlab
6.0.0 ≤
𝑥
≤ 6.9.2
gitlabgitlab
7.0.0 ≤
𝑥
< 7.4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
16.8.4-1
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/10/31/2
http://www.securityfocus.com/bid/70841
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
http://www.openwall.com/lists/oss-security/2014/10/31/2
http://www.securityfocus.com/bid/70841
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd