Command Execution Vulnerability in GitLab Shell by GitLab
CVE-2013-4546

Currently unrated

Key Information:

Vendor: Gitlab
Status: Gitlab; Gitlab-shell
Vendor: CVE Published:; 13 May 2014

Summary

The repository import feature in GitLab Shell prior to version 1.7.4 presents a security issue that allows authenticated users to execute arbitrary commands through the import URL. This flaw may enable attackers to exploit the functionality, leading to unauthorized actions within the GitLab environment. It is crucial for users to upgrade to secure versions to mitigate potential risks associated with this vulnerability.

References

https://www.gitlab.com/2013/11/08/security-vulnerability-...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/11/11/2

mailing-listx_refsource_MLIST

https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CH...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 13, 2014
Vulnerability Reserved
Jun 12, 2013