Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for gitlab-shell by gitlab
CVE-2013-4582 (GCVE-0-2013-4582)
Vulnerability from cvelistv5 – Published: 2020-01-28 15:17 – Updated: 2024-08-06 16:45
VLAI
Summary
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
Severity
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | x_refsource_MISC |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2013/… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab |
Affected:
5.0 before 5.4.2
|
|
| GitLab | GitLab Community Edition |
Affected:
before 6.2.4
|
|
| GitLab | GitLab Enterprise Edition |
Affected:
before 6.2.1
|
|
| GitLab | gitlab-shell |
Affected:
before 1.7.8
|
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "5.0 before 5.4.2"
}
]
},
{
"product": "GitLab Community Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.4"
}
]
},
{
"product": "GitLab Enterprise Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.1"
}
]
},
{
"product": "gitlab-shell",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 1.7.8"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T15:17:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "5.0 before 5.4.2"
}
]
}
},
{
"product_name": "GitLab Community Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.4"
}
]
}
},
{
"product_name": "GitLab Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.1"
}
]
}
},
{
"product_name": "gitlab-shell",
"version": {
"version_data": [
{
"version_value": "before 1.7.8"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/11/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "MISC",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2013/11/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4582",
"datePublished": "2020-01-28T15:17:23.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4583 (GCVE-0-2013-4583)
Vulnerability from cvelistv5 – Published: 2020-01-28 15:11 – Updated: 2024-08-06 16:45
VLAI
Summary
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | x_refsource_MISC |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2013/… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab |
Affected:
5.0 before 5.4.2
|
|
| GitLab | GitLab Community Edition |
Affected:
before 6.2.4
|
|
| GitLab | GitLab Enterprise Edition |
Affected:
before 6.2.1
|
|
| GitLab | gitlab-shell |
Affected:
before 1.7.8
|
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "5.0 before 5.4.2"
}
]
},
{
"product": "GitLab Community Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.4"
}
]
},
{
"product": "GitLab Enterprise Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.1"
}
]
},
{
"product": "gitlab-shell",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 1.7.8"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T15:11:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "5.0 before 5.4.2"
}
]
}
},
{
"product_name": "GitLab Community Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.4"
}
]
}
},
{
"product_name": "GitLab Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.1"
}
]
}
},
{
"product_name": "gitlab-shell",
"version": {
"version_data": [
{
"version_value": "before 1.7.8"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/11/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "MISC",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2013/11/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4583",
"datePublished": "2020-01-28T15:11:45.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4546 (GCVE-0-2013-4546)
Vulnerability from cvelistv5 – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI
Summary
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.gitlab.com/2013/11/08/security-vulner… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/11/11/2 | mailing-listx_refsource_MLIST |
| https://gitlab.com/gitlab-org/gitlab-shell/blob/m… | x_refsource_CONFIRM |
Date Public
2013-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4546",
"datePublished": "2014-05-13T15:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4490 (GCVE-0-2013-4490)
Vulnerability from cvelistv5 – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI
Summary
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-a… | x_refsource_CONFIRM |
Date Public
2013-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4490",
"datePublished": "2014-05-13T15:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4581 (GCVE-0-2013-4581)
Vulnerability from cvelistv5 – Published: 2014-05-12 14:00 – Updated: 2024-08-06 16:45
VLAI
Summary
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | mailing-listx_refsource_MLIST |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_CONFIRM |
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-12T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4581",
"datePublished": "2014-05-12T14:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4582 (GCVE-0-2013-4582)
Vulnerability from nvd – Published: 2020-01-28 15:17 – Updated: 2024-08-06 16:45
VLAI
Summary
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
Severity
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | x_refsource_MISC |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2013/… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab |
Affected:
5.0 before 5.4.2
|
|
| GitLab | GitLab Community Edition |
Affected:
before 6.2.4
|
|
| GitLab | GitLab Enterprise Edition |
Affected:
before 6.2.1
|
|
| GitLab | gitlab-shell |
Affected:
before 1.7.8
|
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "5.0 before 5.4.2"
}
]
},
{
"product": "GitLab Community Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.4"
}
]
},
{
"product": "GitLab Enterprise Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.1"
}
]
},
{
"product": "gitlab-shell",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 1.7.8"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T15:17:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "5.0 before 5.4.2"
}
]
}
},
{
"product_name": "GitLab Community Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.4"
}
]
}
},
{
"product_name": "GitLab Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.1"
}
]
}
},
{
"product_name": "gitlab-shell",
"version": {
"version_data": [
{
"version_value": "before 1.7.8"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/11/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "MISC",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2013/11/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4582",
"datePublished": "2020-01-28T15:17:23.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4583 (GCVE-0-2013-4583)
Vulnerability from nvd – Published: 2020-01-28 15:11 – Updated: 2024-08-06 16:45
VLAI
Summary
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | x_refsource_MISC |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2013/… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab |
Affected:
5.0 before 5.4.2
|
|
| GitLab | GitLab Community Edition |
Affected:
before 6.2.4
|
|
| GitLab | GitLab Enterprise Edition |
Affected:
before 6.2.1
|
|
| GitLab | gitlab-shell |
Affected:
before 1.7.8
|
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "5.0 before 5.4.2"
}
]
},
{
"product": "GitLab Community Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.4"
}
]
},
{
"product": "GitLab Enterprise Edition",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 6.2.1"
}
]
},
{
"product": "gitlab-shell",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "before 1.7.8"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T15:11:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "5.0 before 5.4.2"
}
]
}
},
{
"product_name": "GitLab Community Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.4"
}
]
}
},
{
"product_name": "GitLab Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "before 6.2.1"
}
]
}
},
{
"product_name": "gitlab-shell",
"version": {
"version_data": [
{
"version_value": "before 1.7.8"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/11/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "MISC",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2013/11/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2013/11/18/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4583",
"datePublished": "2020-01-28T15:11:45.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4546 (GCVE-0-2013-4546)
Vulnerability from nvd – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI
Summary
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.gitlab.com/2013/11/08/security-vulner… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/11/11/2 | mailing-listx_refsource_MLIST |
| https://gitlab.com/gitlab-org/gitlab-shell/blob/m… | x_refsource_CONFIRM |
Date Public
2013-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"
},
{
"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4546",
"datePublished": "2014-05-13T15:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4490 (GCVE-0-2013-4490)
Vulnerability from nvd – Published: 2014-05-13 15:00 – Updated: 2024-08-06 16:45
VLAI
Summary
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-a… | x_refsource_CONFIRM |
Date Public
2013-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-13T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4490",
"datePublished": "2014-05-13T15:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4581 (GCVE-0-2013-4581)
Vulnerability from nvd – Published: 2014-05-12 14:00 – Updated: 2024-08-06 16:45
VLAI
Summary
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/11/15/4 | mailing-listx_refsource_MLIST |
| https://www.gitlab.com/2013/11/14/multiple-critic… | x_refsource_CONFIRM |
Date Public
2013-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-12T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4581",
"datePublished": "2014-05-12T14:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}