CVE-2013-4581

CWE-94 — Code Injection5 documents5 sources

Severity

6.8MEDIUM

EPSS

1.1%

top 22.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Gitlab Gitlab-shell

Timeline

PublishedMay 12

Latest updateMay 17

Description

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDgitlab/gitlab-shell1.7.7+14

▶NVDgitlab/gitlab6.2.3+46

Patches

Patch: www.gitlab.com ↗Patch: www.gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-v9h3-mqgc-w575: GitLab 5↗2022-05-17

▶

CVEList

CVE-2013-4581: GitLab 5↗2014-05-12

▶

📋Vendor Advisories

GitLab

CVE-2013-4581: GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to exec↗2014-05-12

▶

Debian

CVE-2013-4581: gitlab - GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition befo...↗2013

▶