CVE-2013-4546

6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 55.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab-shell Gitlab Gitlab

Timeline

PublishedMay 13

Latest updateMay 17

Description

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgitlab/gitlab-shell1.7.3+10

▶NVDgitlab/gitlab13 versions+12

Patches

Patch: www.gitlab.com ↗Patch: www.gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3fv-8jf3-r4h2: The repository import feature in gitlab-shell before 1↗2022-05-17

▶

CVEList

CVE-2013-4546: The repository import feature in gitlab-shell before 1↗2014-05-13

▶

📋Vendor Advisories

GitLab

CVE-2013-4546: The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the↗2014-05-13

▶

Debian

CVE-2013-4546: gitlab - The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, a...↗2013

▶

💬Community

Bugzilla

CVE-2013-0199 CVE-2012-4546 freeipa various flaws [fedora-all]↗2013-01-23

▶