oss-sec mailing list archives
CVE request for GitLab groups API
From: Valery Sizov <valery () gitlab com>
Date: Thu, 30 Oct 2014 17:41:02 +0200
Hello, I would like to request a CVE identifier for a vulnerability in the groups API of GitLab. Affected versions: The groups API vulnerability affects GitLab 6.0 and up. Impact: The vulnerability patched by this release allows a guest user to delete the owner of a group and to assign any other member as owner through the groups API. You can read more details here https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
Current thread:
- CVE request for GitLab groups API Valery Sizov (Oct 30)
- Re: CVE request for GitLab groups API cve-assign (Oct 30)