CVE-2013-4490
Published May 13, 2014
Last updated 11 years ago
Overview
- Description
- The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DA23AF5-81E7-4D04-A224-DF823772EC06"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A780E86-D049-4C46-8481-2E55E974649C"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "960E66D9-2E5B-460A-A262-88FF1CE60750"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D61A37D-1A91-4C85-9737-E54670401FC6"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81CB5B34-09DE-4589-824C-97A6D696BD43"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9C5A188-6B92-46A2-9345-386F90BE362C"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E82B301E-25BD-4438-9696-DF3E290F32B7"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDD0A408-7007-4655-A159-12472E4A779E"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A46F6D6-411B-428A-ACD4-01707433DA88"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE2BA4DB-3D3E-4DB2-A35C-52B89D357606"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3797783-B30D-43D8-AAC6-91DB75ABFAC9",
"versionEndIncluding": "1.7.2"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5468E7D1-96FD-4BCC-B35F-20B8A045CEBF"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C66C8DB-919E-4D42-A8FB-2F1C08F19EBC"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "989A3DDF-A7A8-4CA8-844C-12A5A7150866"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9693E73-B622-496C-8427-D8E3F8DA9DD7"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC8F0260-C2EE-4DFB-B368-B55EB4A6FA93"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98BB99C5-45C7-4982-A5C7-10319B2FCBCE"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E186CC7F-1C1F-41CB-88DB-B8DDE36EB7B8"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46778FDB-4863-451A-88C0-0C38D14C623D"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2E2DA5C-61BB-4218-8FDA-57AC3C9C0172"
}
],
"operator": "OR"
}
]
}
]