cve/2016/CVE-2016-4340.md

2024-05-26 14:27:05 +02:00
### [CVE-2016-4340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4340)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The impersonate feature in GitLab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
### POC
#### Reference
- http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html
- https://www.exploit-db.com/exploits/40236/
#### GitHub
- https://github.com/ARPSyndicate/cvemon