CVE-2014-8540 — Gitlab vulnerability

CWE-2644 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 44.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedJan 5

Latest updateMay 14

Description

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgitlab/gitlab7.0.0 — 7.4.3+1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

Patches

Patch: about.gitlab.com ↗Patch: gitlab.com ↗Patch: about.gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-f2h5-25cx-h2f5: The groups API in GitLab 6↗2022-05-14

▶

📋Vendor Advisories

GitLab

CVE-2014-8540: The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improp↗2018-01-05

▶

Debian

CVE-2014-8540: gitlab - The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated gu...↗2014

▶