Lucene search
HistoryMay 13, 2014 - 3:55 p.m.
CVE-2013-4490
cve-2013-4490
ssh
key upload
gitlab-shell
gitlab
arbitrary commands
metacharacters
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.222 Low
EPSS
Percentile
96.5%
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Affected configurations
Node
gitlabgitlabMatch5.0.0
ORgitlabgitlabMatch5.0.1
ORgitlabgitlabMatch5.1.0
ORgitlabgitlabMatch5.2.0
ORgitlabgitlabMatch5.3.0
ORgitlabgitlabMatch5.4.0
ORgitlabgitlabMatch6.0.0
ORgitlabgitlabMatch6.1.0
ORgitlabgitlabMatch6.2.0
ORgitlabgitlabMatch6.2.1
ORgitlabgitlabMatch6.2.2
ORgitlabgitlab-shellRange≤1.7.2
ORgitlabgitlab-shellMatch1.0.4
ORgitlabgitlab-shellMatch1.1.0
ORgitlabgitlab-shellMatch1.2.0
ORgitlabgitlab-shellMatch1.3.0
ORgitlabgitlab-shellMatch1.4.0
ORgitlabgitlab-shellMatch1.5.0
ORgitlabgitlab-shellMatch1.6.0
ORgitlabgitlab-shellMatch1.7.0
ORgitlabgitlab-shellMatch1.7.1
Related
zdt
zdt
Gitlab-shell Code Execution Exploit
2014-08-18 00:00:00
packetstorm
packetstorm
Gitlab-shell Code Execution
2014-08-18 00:00:00
cvelist
cvelist
CVE-2013-4490
2014-05-13 15:00:00
debiancve
debiancve
CVE-2013-4490
2014-05-13 15:55:03
prion
prion
Design/Logic Flaw
2014-05-13 15:55:00
nvd
nvd
CVE-2013-4490
2014-05-13 15:55:03
openvas
openvas
GitLab Community Edition 4.2.x - 5.4.0, 6.x - 6.2.2 Multiple Vulnerabilities
2022-03-28 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.222 Low
EPSS
Percentile
96.5%
Related for CVE-2013-4490