CVE-2013-4583

CWE-269 — Improper Privilege Management5 documents5 sources

Severity

8.8HIGH

EPSS

0.3%

top 46.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Gitlab Gitlab-shell Gitlab Gitlab Community Edition +1 more

Timeline

PublishedJan 28

Latest updateMay 5

Description

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5gitlab/gitlab_community_editionbefore 6.2.4

▶CVEListV5gitlab/gitlab_enterprise_editionbefore 6.2.1

▶NVDgitlab/gitlab-shell< 1.7.8

▶CVEListV5gitlab/gitlab-shellbefore 1.7.8

▶NVDgitlab/gitlab5.0.0 — 5.4.2+2

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-r692-jg36-6v4p: The parse_cmd function in lib/gitlab_shell↗2022-05-05

▶

CVEList

CVE-2013-4583: The parse_cmd function in lib/gitlab_shell↗2020-01-28

▶

📋Vendor Advisories

GitLab

CVE-2013-4583: The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitl↗2020-01-28

▶

Debian

CVE-2013-4583: gitlab - The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Commun...↗2013

▶