CVE-2013-4490

Currently unrated

Key Information:

Vendor: Gitlab
Status: Gitlab; Gitlab-shell
Vendor: CVE Published:; 13 May 2014

Summary

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

References

https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-s...

x_refsource_CONFIRM

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 13, 2014
Vulnerability Reserved
Jun 12, 2013

Collectors

NVD DatabaseMitre Database