Lucene search
RedhatCVE-2013-4489HistoryMay 17, 2014 - 8:55 p.m.
CVE-2013-4489
2014-05-1720:55:02
redhat
web.nvd.nist.gov
29
grit gem
ruby
gitlab
remote code execution
cve-2013-4489
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
57.5%
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
Affected configurations
Node
gitlabgitlabMatch5.2.0
ORgitlabgitlabMatch5.3.0
ORgitlabgitlabMatch5.4.0
ORgitlabgitlabMatch6.0.0
ORgitlabgitlabMatch6.1.0
ORgitlabgitlabMatch6.2.0
ORgitlabgitlabMatch6.2.1
ORgitlabgitlabMatch6.2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gitlab | gitlab | 5.2.0 | cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 5.3.0 | cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 5.4.0 | cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 6.0.0 | cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 6.1.0 | cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 6.2.0 | cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:* |
| gitlab | gitlab | 6.2.1 | cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:* |
| gitlab | gitlab | 6.2.2 | cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:* |
Related
osv
osv
rubygems
rubygems
GitLab Grit Gem for Ruby contains a flaw
2013-11-03 20:00:00
debiancve
debiancve
CVE-2013-4489
2014-05-17 20:55:02
github
github
prion
prion
Design/Logic Flaw
2014-05-17 20:55:00
cvelist
cvelist
CVE-2013-4489
2014-05-17 20:00:00
nvd
nvd
CVE-2013-4489
2014-05-17 20:55:02
openvas
openvas
GitLab Community Edition 4.2.x - 5.4.0, 6.x - 6.2.2 Multiple Vulnerabilities
2022-03-28 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
57.5%
Related for CVE-2013-4489