Vulnerability Description
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 6.0.0, <= 6.9.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/10/31/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/70841Third Party AdvisoryVDB Entry
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449Third Party AdvisoryVDB Entry
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929Patch
- http://www.openwall.com/lists/oss-security/2014/10/31/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/70841Third Party AdvisoryVDB Entry
- https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98449Third Party AdvisoryVDB Entry
- https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929Patch
FAQ
What is CVE-2014-8540?
CVE-2014-8540 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
How severe is CVE-2014-8540?
CVE-2014-8540 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8540?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.