Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2013-4546
Last Modified 14 May 2014 01:07:38
Published 13 May 2014 11:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-4546

Summary

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

Vulnerable Systems

Application

  • Gitlab 5.0.0

  • Gitlab 5.0.1

  • Gitlab 5.1.0

  • Gitlab 5.2.0

  • Gitlab 5.3.0

  • Gitlab 5.4.0

  • Gitlab 5.4.1

  • Gitlab 5.4.2

  • Gitlab 6.0.0

  • Gitlab 6.1.0

  • Gitlab 6.2.0

  • Gitlab 6.2.1

  • Gitlab 6.2.2

  • Gitlab-shell 1.0.4

  • Gitlab-shell 1.1.0

  • Gitlab-shell 1.2.0

  • Gitlab-shell 1.3.0

  • Gitlab-shell 1.4.0

  • Gitlab-shell 1.5.0

  • Gitlab-shell 1.6.0

  • Gitlab-shell 1.7.0

  • Gitlab-shell 1.7.1

  • Gitlab-shell 1.7.2

  • Gitlab-shell 1.7.3


References

CONFIRM - https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/

CONFIRM - https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG

MLIST - [oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)


Last Updated: 27 May 2016 11:05:13