CVE-2013-4582

6.5MEDIUM

Key Information:

Vendor
Gitlab
Status
Gitlab
Gitlab Community Edition
Gitlab Enterprise Edition
Gitlab-shell
Vendor
CVE Published:
28 January 2020

Summary

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

Affected Version(s)

GitLab 5.0 before 5.4.2

GitLab Community Edition before 6.2.4

GitLab Enterprise Edition before 6.2.1

References

http://www.openwall.com/lists/oss-security/2013/11/15/4
x_refsource_MISC
https://www.gitlab.com/2013/11/14/multiple-critical-vulne...
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2013/11/18/4
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.