CVE-2013-4489
Published May 17, 2014
Last updated 10 years ago
Overview
- Description: The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
- Source: secalert@redhat.com
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
Evaluator
- Comment: Per: http://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
- Impact: -
- Solution: -
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D61A37D-1A91-4C85-9737-E54670401FC6" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81CB5B34-09DE-4589-824C-97A6D696BD43" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C5A188-6B92-46A2-9345-386F90BE362C" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E82B301E-25BD-4438-9696-DF3E290F32B7" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDD0A408-7007-4655-A159-12472E4A779E" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A46F6D6-411B-428A-ACD4-01707433DA88" }, { "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE2BA4DB-3D3E-4DB2-A35C-52B89D357606" } ], "operator": "OR" } ] } ]