CVE-2014-8540
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
| Software | From | Fixed in |
|---|---|---|
| gitlab / gitlab | 6.0.0 | 6.9.2.x |
| gitlab / gitlab | 7.0.0 | 7.4.3 |
- http://www.openwall.com/lists/oss-security/2014/10/31/2
- http://www.securityfocus.com/bid/70841
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime