Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Oct 2014 17:41:02 +0200
From: Valery Sizov <valery@...lab.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for GitLab groups API

Hello,
I would like to request a CVE identifier for a vulnerability in the groups
API of GitLab.

Affected versions:
The groups API vulnerability affects GitLab 6.0 and up.

Impact:
The vulnerability patched by this release allows a guest user to delete the
owner of a group and to assign any other member as owner through the groups
API.

You can read more details here
https://about.gitlab.com/2014/10/30/gitlab-7-4-3-released/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ