CVE-2013-4546

EUVD-2013-4405
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
gitlabgitlab
5.0.0
gitlabgitlab
5.0.1
gitlabgitlab
5.1.0
gitlabgitlab
5.2.0
gitlabgitlab
5.3.0
gitlabgitlab
5.4.0
gitlabgitlab
5.4.1
gitlabgitlab
5.4.2
gitlabgitlab
6.0.0
gitlabgitlab
6.1.0
gitlabgitlab
6.2.0
gitlabgitlab
6.2.1
gitlabgitlab
6.2.2
gitlabgitlab-shell
𝑥
≤ 1.7.3
gitlabgitlab-shell
1.0.4
gitlabgitlab-shell
1.1.0
gitlabgitlab-shell
1.2.0
gitlabgitlab-shell
1.3.0
gitlabgitlab-shell
1.4.0
gitlabgitlab-shell
1.5.0
gitlabgitlab-shell
1.6.0
gitlabgitlab-shell
1.7.0
gitlabgitlab-shell
1.7.1
gitlabgitlab-shell
1.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
16.8.4-1
fixed
References
http://www.openwall.com/lists/oss-security/2013/11/11/2
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/
http://www.openwall.com/lists/oss-security/2013/11/11/2
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/