High severity8.8NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2016-4340

Description

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

about.gitlab.com/2016/05/02/cve-2016-4340-patches/nvdMitigationPatchVendor Advisory
gitlab.com/gitlab-org/gitlab-ce/issues/15548nvdIssue TrackingPatchVendor Advisory
packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/40236/nvdExploitThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000