30 matches found

Hacker One
added 2020/03/17 3:51 p.m. | 39 views

GitLab: Path traversal in Nuget Package Registry

Summary There's a path traversal issue in Nuget package registry which was released to GitLab-EE recently. The issue allows an attacker to create any file with an extension “.nupkg” in the filesystem. By combining the bug with a race condition in Gitaly which I used several times before 762421,...

CVSS 5 | AI score 5.5 | EPSS 0.00106
Exploits 0
NVD
added 2020/01/28 4:15 p.m. | 16 views

CVE-2013-4582

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local file...

CVSS 6.5 | AI score 6 | EPSS 0.0017
Exploits 0 | References 3
Debian CVE
added 2020/01/28 3:17 p.m. | 22 views

CVE-2013-4582

Removed by vendor...

CVSS 6.5 | AI score 6.6 | EPSS 0.0017
Exploits 0
seebug.org
added 2014/08/20 12:0 a.m. | 27 views

Gitlab-shell Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include...

AI score 7.1 | EPSS 0.49784
Exploits 5
Exploit DB
added 2014/08/19 12:0 a.m. | 58 views

Gitlab-shell - Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 'Gitlab-shell Code Execution', 'Description' = %q This module takes advantage of the addition of authorized ssh keys...

CVSS 6.5 | AI score 7.4 | EPSS 0.49784
Exploits 5
Metasploit
added 2014/08/06 3:21 a.m. | 22 views

Gitlab-shell Code Execution

This module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an...

CVSS 6.5 | AI score 7.5 | EPSS 0.49784
Exploits 5
Prion
added 2014/05/13 3:55 p.m. | 13 views

Design/Logic Flaw

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL...

CVSS 6.5 | AI score 7.7 | EPSS 0.00219
Exploits 0 | References 3 | Affected Software 2
CVE
added 2014/05/13 3:0 p.m. | 54 views

CVE-2013-4546

GitLab's gitlab-shell before 1.7.4 is affected: the repository import feature allows remote authenticated users to execute arbitrary commands via the import URL. The vulnerability is triggered through the import URL handling in gitlab-shell. Impact details are noted in the CVE record (Base score ...

CVSS 6.5 | AI score 7.4 | EPSS 0.00219
Exploits 0 | References 3 | Affected Software 2
CVE
added 2014/05/13 3:0 p.m. | 68 views

CVE-2013-4490

Summary (CVE-2013-4490): The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3 allows a remote authenticated user to execute arbitrary commands via shell metacharacters in a public key. Affected environments include GitLab 5.0 before 5.4.1 and 6.x before 6.2.3 when using t...

CVSS 6.5 | AI score 7.2 | EPSS 0.49784
Exploits 5 | References 1 | Affected Software 2
CVE
added 2014/05/12 2:0 p.m. | 51 views

CVE-2013-4581

The CVE-2013-4581 entry is supported by concrete details across multiple sources: GitLab versions affected include GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1, and gitlab-shell before 1.7.8. The vulnerability allows remote attackers to execute arbitrar...

CVSS 6.8 | AI score 7.7 | EPSS 0.01096
Exploits 0 | References 2 | Affected Software 1