User Impersonation Vulnerability in Gitlab 8.7.0 and earlier versions

User Impersonation Vulnerability in Gitlab 8.7.0 and earlier versions

CVE-2016-4340 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

Learn more about our User Device Pen Test.