CVE-2013-4583

Published: Jan 28, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

Affected (4)

Products: Gitlab: Gitlab, Gitlab Shell

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 5.0.0 to 5.4.2
Gitlab Gitlab	From 6.0.0 to 6.2.4
Gitlab Gitlab	From 6.0.0 to 6.2.1
Gitlab Gitlab Shell	Before 1.7.8

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://www.openwall.com/lists/oss-security/2013/11/15/4

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

Source: secalert@redhat.com

Permissions Required

https://www.openwall.com/lists/oss-security/2013/11/18/4

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2013/11/15/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.openwall.com/lists/oss-security/2013/11/18/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.