5 matches found
CVE-2013-4490
Summary (CVE-2013-4490): The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3 allows a remote authenticated user to execute arbitrary commands via shell metacharacters in a public key. Affected environments include GitLab 5.0 before 5.4.1 and 6.x before 6.2.3 when using t...
CVE-2013-4546
GitLab's gitlab-shell before 1.7.4 is affected: the repository import feature allows remote authenticated users to execute arbitrary commands via the import URL. The vulnerability is triggered through the import URL handling in gitlab-shell. Impact details are noted in the CVE record (Base score ...
CVE-2013-4581
The CVE-2013-4581 entry is supported by concrete details across multiple sources: GitLab versions affected include GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1, and gitlab-shell before 1.7.8. The vulnerability allows remote attackers to execute arbitrar...
CVE-2013-4582
CVE-2013-4582 affects GitLab: the functions create_branch, create_tag, import_project, and fork_project in lib/gitlab_projects.rb allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. Affected are GitLab 5.0 up to 5.4...
CVE-2013-4583
The CVE-2013-4583 issue affects GitLab: the parse_cmd function in lib/gitlab_shell.rb (and the accompanying gitlab-shell) allows remote authenticated users to gain privileges and clone arbitrary repositories. Affected versions are GitLab 5.0 before 5.4.2, GitLab Community Edition before 6.2.4, Gi...