{"containers":{"cna":{"affected":[{"product":"GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1","vendor":"n/a","versions":[{"status":"affected","version":"GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1"}]}],"datePublic":"2017-03-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-749","description":"Exposed Dangerous Method or Function (CWE-749)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2017-03-28T02:57:01.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"tags":["x_refsource_MISC"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/f325e4e734e5e486f3b02db176eb629124052b43"},{"tags":["x_refsource_MISC"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/55196497301eea429913f9c4b1b37c42c2e358ce"},{"tags":["x_refsource_MISC"],"url":"https://about.gitlab.com/2016/12/05/cve-2016-9469/"},{"tags":["x_refsource_MISC"],"url":"https://hackerone.com/reports/186194"},{"tags":["x_refsource_MISC"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/25064"},{"tags":["x_refsource_MISC"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/29ceb98b5162677601702704e89d845580372078"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"support@hackerone.com","ID":"CVE-2016-9469","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1","version":{"version_data":[{"version_value":"GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Exposed Dangerous Method or Function (CWE-749)"}]}]},"references":{"reference_data":[{"name":"https://gitlab.com/gitlab-org/gitlab-ce/commit/f325e4e734e5e486f3b02db176eb629124052b43","refsource":"MISC","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/f325e4e734e5e486f3b02db176eb629124052b43"},{"name":"https://gitlab.com/gitlab-org/gitlab-ce/commit/55196497301eea429913f9c4b1b37c42c2e358ce","refsource":"MISC","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/55196497301eea429913f9c4b1b37c42c2e358ce"},{"name":"https://about.gitlab.com/2016/12/05/cve-2016-9469/","refsource":"MISC","url":"https://about.gitlab.com/2016/12/05/cve-2016-9469/"},{"name":"https://hackerone.com/reports/186194","refsource":"MISC","url":"https://hackerone.com/reports/186194"},{"name":"https://gitlab.com/gitlab-org/gitlab-ce/issues/25064","refsource":"MISC","url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/25064"},{"name":"https://gitlab.com/gitlab-org/gitlab-ce/commit/29ceb98b5162677601702704e89d845580372078","refsource":"MISC","url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/29ceb98b5162677601702704e89d845580372078"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T02:50:38.683Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/f325e4e734e5e486f3b02db176eb629124052b43"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/55196497301eea429913f9c4b1b37c42c2e358ce"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://about.gitlab.com/2016/12/05/cve-2016-9469/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://hackerone.com/reports/186194"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/25064"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://gitlab.com/gitlab-org/gitlab-ce/commit/29ceb98b5162677601702704e89d845580372078"}]}]},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2016-9469","datePublished":"2017-03-28T02:46:00.000Z","dateReserved":"2016-11-19T00:00:00.000Z","dateUpdated":"2024-08-06T02:50:38.683Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}