Lucene search
HistoryMay 13, 2014 - 3:55 p.m.
CVE-2013-4490
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.222 Low
EPSS
Percentile
96.5%
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Affected configurations
Node
gitlabgitlabMatch5.0.0
ORgitlabgitlabMatch5.0.1
ORgitlabgitlabMatch5.1.0
ORgitlabgitlabMatch5.2.0
ORgitlabgitlabMatch5.3.0
ORgitlabgitlabMatch5.4.0
ORgitlabgitlabMatch6.0.0
ORgitlabgitlabMatch6.1.0
ORgitlabgitlabMatch6.2.0
ORgitlabgitlabMatch6.2.1
ORgitlabgitlabMatch6.2.2
ORgitlabgitlab-shellRange≤1.7.2
ORgitlabgitlab-shellMatch1.0.4
ORgitlabgitlab-shellMatch1.1.0
ORgitlabgitlab-shellMatch1.2.0
ORgitlabgitlab-shellMatch1.3.0
ORgitlabgitlab-shellMatch1.4.0
ORgitlabgitlab-shellMatch1.5.0
ORgitlabgitlab-shellMatch1.6.0
ORgitlabgitlab-shellMatch1.7.0
ORgitlabgitlab-shellMatch1.7.1
Related
zdt
zdt
Gitlab-shell Code Execution Exploit
2014-08-18 00:00:00
packetstorm
packetstorm
Gitlab-shell Code Execution
2014-08-18 00:00:00
cvelist
cvelist
CVE-2013-4490
2014-05-13 15:00:00
cve
cve
CVE-2013-4490
2014-05-13 15:55:03
debiancve
debiancve
CVE-2013-4490
2014-05-13 15:55:03
prion
prion
Design/Logic Flaw
2014-05-13 15:55:00
openvas
openvas
GitLab Community Edition 4.2.x - 5.4.0, 6.x - 6.2.2 Multiple Vulnerabilities
2022-03-28 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.222 Low
EPSS
Percentile
96.5%
Related for NVD:CVE-2013-4490