Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2013-4490
Last Modified 14 May 2014 11:49:13
Published 13 May 2014 11:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-4490

Summary

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

Vulnerable Systems

Application

  • Gitlab 5.0.0

  • Gitlab 5.0.1

  • Gitlab 5.1.0

  • Gitlab 5.2.0

  • Gitlab 5.3.0

  • Gitlab 5.4.0

  • Gitlab 6.0.0

  • Gitlab 6.1.0

  • Gitlab 6.2.0

  • Gitlab 6.2.1

  • Gitlab 6.2.2

  • Gitlab-shell 1.0.4

  • Gitlab-shell 1.1.0

  • Gitlab-shell 1.2.0

  • Gitlab-shell 1.3.0

  • Gitlab-shell 1.4.0

  • Gitlab-shell 1.5.0

  • Gitlab-shell 1.6.0

  • Gitlab-shell 1.7.0

  • Gitlab-shell 1.7.1

  • Gitlab-shell 1.7.2


References

CONFIRM - https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/


Last Updated: 27 May 2016 11:05:13