Description
The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
Exploits (1)
References (4)
Core 4
Core References
Mitigation, Patch, Vendor Advisory (x_refsource_confirm): https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/40236/
Issue Tracking, Patch, Vendor Advisory (x_refsource_confirm): https://gitlab.com/gitlab-org/gitlab-ce/issues/15548
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html
Scores
CVSS v3: 8.8
EPSS: 0.0247
EPSS Percentile: 85.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-264
Status: published
Products (45)
gitlab/gitlab 8.2.0
gitlab/gitlab 8.2.1
gitlab/gitlab 8.2.2
gitlab/gitlab 8.2.3
gitlab/gitlab 8.2.4
gitlab/gitlab 8.3.0
gitlab/gitlab 8.3.1
gitlab/gitlab 8.3.2
gitlab/gitlab 8.3.3
gitlab/gitlab 8.3.4
... and 35 more
Published: Jan 23, 2017
Tracked Since: Feb 18, 2026