CVE-2013-4546

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gitlabgitlab
5.0.0
gitlabgitlab
5.0.1
gitlabgitlab
5.1.0
gitlabgitlab
5.2.0
gitlabgitlab
5.3.0
gitlabgitlab
5.4.0
gitlabgitlab
5.4.1
gitlabgitlab
5.4.2
gitlabgitlab
6.0.0
gitlabgitlab
6.1.0
gitlabgitlab
6.2.0
gitlabgitlab
6.2.1
gitlabgitlab
6.2.2
gitlabgitlab-shell
𝑥
≤ 1.7.3
gitlabgitlab-shell
1.0.4
gitlabgitlab-shell
1.1.0
gitlabgitlab-shell
1.2.0
gitlabgitlab-shell
1.3.0
gitlabgitlab-shell
1.4.0
gitlabgitlab-shell
1.5.0
gitlabgitlab-shell
1.6.0
gitlabgitlab-shell
1.7.0
gitlabgitlab-shell
1.7.1
gitlabgitlab-shell
1.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
16.8.4-1
fixed
References
http://www.openwall.com/lists/oss-security/2013/11/11/2
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/
http://www.openwall.com/lists/oss-security/2013/11/11/2
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/