6.5
CVE-2014-8540
- EPSS 2.16%
- Veröffentlicht 05.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:19:17
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.16% | 0.798 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
http://www.openwall.com/lists/oss-security/2014/10/31/2
http://www.securityfocus.com/bid/70841
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
https://exchange.xforce.ibmcloud.com/vulnerabilities/98449
https://gitlab.com/gitlab-org/gitlab-ce/commit/a2dfff418bf2532ebb5aee88414107929b17eefd