Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2013-4580
Last Modified 12 May 2014 02:07:19
Published 12 May 2014 10:55:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4580

Summary

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

Vulnerable Systems

Application

  • Gitlab 0.8.0
  • Gitlab 0.9.1
  • Gitlab 0.9.4
  • Gitlab 0.9.6
  • Gitlab 1.0.0
  • Gitlab 1.0.1
  • Gitlab 1.0.2
  • Gitlab 1.1.0
  • Gitlab 1.2.0
  • Gitlab 1.2.1
  • Gitlab 1.2.2
  • Gitlab 2.0.0
  • Gitlab 2.1.0
  • Gitlab 2.2.0
  • Gitlab 2.3.0
  • Gitlab 2.3.1
  • Gitlab 2.4.0
  • Gitlab 2.5.0
  • Gitlab 2.6.0
  • Gitlab 2.7.0
  • Gitlab 2.8.0
  • Gitlab 2.8.1
  • Gitlab 2.9.0
  • Gitlab 2.9.1
  • Gitlab 3.0.0
  • Gitlab 3.0.1
  • Gitlab 3.0.2
  • Gitlab 3.0.3
  • Gitlab 3.1.0
  • Gitlab 4.0.0
  • Gitlab 4.1.0
  • Gitlab 4.2.0
  • Gitlab 5.0.0
  • Gitlab 5.0.1
  • Gitlab 5.1.0
  • Gitlab 5.2.0
  • Gitlab 5.3.0
  • Gitlab 5.4.0
  • Gitlab 5.4.1
  • Gitlab 5.4.2
  • Gitlab 6.0.0
  • Gitlab 6.1.0
  • Gitlab 6.2.0
  • Gitlab 6.2.1
  • Gitlab 6.2.2
  • Gitlab 6.2.3


References

CONFIRM - https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

MLIST - [oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab


Last Updated: 27 May 2016 11:05:13