ID:3811 - Exploit for Permissions, Privileges, and Access Controls in Gitlab Community Edition - CVE-2016-4340

 

Published: August 9, 2020


Vulnerability identifier: #VU39801
Vulnerability risk: High
CVE-ID: CVE-2016-4340
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
Gitlab Community Edition

Vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.


Remediation

Install the update from the vendor's website.