CVE-2013-4490

EUVD-2013-4354
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
gitlabgitlab
5.0.0
gitlabgitlab
5.0.1
gitlabgitlab
5.1.0
gitlabgitlab
5.2.0
gitlabgitlab
5.3.0
gitlabgitlab
5.4.0
gitlabgitlab
6.0.0
gitlabgitlab
6.1.0
gitlabgitlab
6.2.0
gitlabgitlab
6.2.1
gitlabgitlab
6.2.2
gitlabgitlab-shell
𝑥
≤ 1.7.2
gitlabgitlab-shell
1.0.4
gitlabgitlab-shell
1.1.0
gitlabgitlab-shell
1.2.0
gitlabgitlab-shell
1.3.0
gitlabgitlab-shell
1.4.0
gitlabgitlab-shell
1.5.0
gitlabgitlab-shell
1.6.0
gitlabgitlab-shell
1.7.0
gitlabgitlab-shell
1.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
16.8.4-1
fixed
References
https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/
https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/