CVE-2013-4582

Published: Jan 28, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

Affected (4)

Products: Gitlab: Gitlab, Gitlab Shell

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 5.0.0 to 5.4.2
Gitlab Gitlab	From 6.0.0 to 6.2.4
Gitlab Gitlab	From 6.0.0 to 6.2.1
Gitlab Gitlab Shell	Before 1.7.8

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (6)

http://www.openwall.com/lists/oss-security/2013/11/15/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

Source: secalert@redhat.com

Permissions Required

https://www.openwall.com/lists/oss-security/2013/11/18/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/11/15/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.openwall.com/lists/oss-security/2013/11/18/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.