oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request for GitLab groups API

From: Valery Sizov <valery () gitlab com>
Date: Thu, 30 Oct 2014 17:41:02 +0200
Hello,
I would like to request a CVE identifier for a vulnerability in the groups
API of GitLab.

Affected versions:
The groups API vulnerability affects GitLab 6.0 and up.

Impact:
The vulnerability patched by this release allows a guest user to delete the
owner of a group and to assign any other member as owner through the groups
API.

You can read more details here
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/
Previous By Date Next
Previous By Thread Next

Current thread: