fkie_nvd - fkie_cve-2013-4490

fkie_cve-2013-4490

Vulnerability from fkie_nvd

Published

2014-05-13 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

References

	URL	Tags
	secalert@redhat.com	https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
gitlab	gitlab	5.0.0
gitlab	gitlab	5.0.1
gitlab	gitlab	5.1.0
gitlab	gitlab	5.2.0
gitlab	gitlab	5.3.0
gitlab	gitlab	5.4.0
gitlab	gitlab	6.0.0
gitlab	gitlab	6.1.0
gitlab	gitlab	6.2.0
gitlab	gitlab	6.2.1
gitlab	gitlab	6.2.2
gitlab	gitlab-shell	*
gitlab	gitlab-shell	1.0.4
gitlab	gitlab-shell	1.1.0
gitlab	gitlab-shell	1.2.0
gitlab	gitlab-shell	1.3.0
gitlab	gitlab-shell	1.4.0
gitlab	gitlab-shell	1.5.0
gitlab	gitlab-shell	1.6.0
gitlab	gitlab-shell	1.7.0
gitlab	gitlab-shell	1.7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA23AF5-81E7-4D04-A224-DF823772EC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A780E86-D049-4C46-8481-2E55E974649C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "960E66D9-2E5B-460A-A262-88FF1CE60750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D61A37D-1A91-4C85-9737-E54670401FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CB5B34-09DE-4589-824C-97A6D696BD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5A188-6B92-46A2-9345-386F90BE362C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E82B301E-25BD-4438-9696-DF3E290F32B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD0A408-7007-4655-A159-12472E4A779E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A46F6D6-411B-428A-ACD4-01707433DA88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2BA4DB-3D3E-4DB2-A35C-52B89D357606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3797783-B30D-43D8-AAC6-91DB75ABFAC9",
              "versionEndIncluding": "1.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5468E7D1-96FD-4BCC-B35F-20B8A045CEBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C66C8DB-919E-4D42-A8FB-2F1C08F19EBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A3DDF-A7A8-4CA8-844C-12A5A7150866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9693E73-B622-496C-8427-D8E3F8DA9DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8F0260-C2EE-4DFB-B368-B55EB4A6FA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BB99C5-45C7-4982-A5C7-10319B2FCBCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E186CC7F-1C1F-41CB-88DB-B8DDE36EB7B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46778FDB-4863-451A-88C0-0C38D14C623D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E2DA5C-61BB-4218-8FDA-57AC3C9C0172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de de subida de clave SSH (lib/gitlab_keys.rb) en gitlab-shell anterior a 1.7.3, utilizado en GitLab 5.0 anterior a 5.4.1 y 6.x anterior a 6.2.3, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en la clave p\u00fablica."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"",
  "id": "CVE-2013-4490",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-13T15:55:03.937",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4490 (GCVE-0-2013-4490)

Vulnerability from cvelistv5

Published

2014-05-13 15:00

Modified

2024-08-06 16:45

Severity ?

CWE

Summary

References

URL

Tags

https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/

x_refsource_CONFIRM