Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4489

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2013-4489
Last Modified 19 May 2014 12:38:35
Published 17 May 2014 04:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-4489

Summary

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.

Vulnerable Systems

Application

  • Gitlab 5.2.0

  • Gitlab 5.3.0

  • Gitlab 5.4.0

  • Gitlab 6.0.0

  • Gitlab 6.1.0

  • Gitlab 6.2.0

  • Gitlab 6.2.1

  • Gitlab 6.2.2


References

CONFIRM - https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/


Last Updated: 27 May 2016 11:05:18