The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
References
Link | Resource |
---|---|
https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2014-05-13 15:55
Updated : 2024-02-28 12:20
NVD link : CVE-2013-4490
Mitre link : CVE-2013-4490
CVE.ORG link : CVE-2013-4490
JSON object : View
Products Affected
gitlab
- gitlab
- gitlab-shell
CWE