Gitlab 'groups' API security restrictions bypass vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201455334
Type myhack58
Reporter 佚名
Modified 2014-11-01T00:00:00


Affected system:

GitLab GitLab 6. x


BUGTRAQ ID: 7 0 8 4 1

GitLab is a use of Ruby on Rails development, Open Source Application, to achieve a self-hosted Git project repository, through a Web interface to access the public or private projects.

Gitlab 6.0 and later on the realization of the presence of groups API vulnerability, an attacker can exploit this vulnerability to bypass certain security restrictions, perform unauthorized actions.



The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: