CVE-2013-4582
published 2020-01-28CVE-2013-4582: The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 5.0.0 < 5.4.2 | 5.4.2 |
| gitlab | gitlab | >= 6.0.0 < 6.2.1 | 6.2.1 |
| gitlab | gitlab | >= 6.0.0 < 6.2.4 | 6.2.4 |
| gitlab | gitlab-shell | < 1.7.8 | 1.7.8 |
| gitlab | gitlab-shell | — | — |
| gitlab | gitlab_community_edition | — | — |
| gitlab | gitlab_enterprise_edition | — | — |