CVE-2013-4546 - OpenCVE

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab Gitlab-shell

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:5.0.0:::::::*
	cpe:2.3:a:gitlab:gitlab:5.0.1:::::::*
	cpe:2.3:a:gitlab:gitlab:5.1.0:::::::*
	cpe:2.3:a:gitlab:gitlab:5.2.0:::::::*
	cpe:2.3:a:gitlab:gitlab:5.3.0:::::::*
	cpe:2.3:a:gitlab:gitlab:5.4.0:::::::*
	cpe:2.3:a:gitlab:gitlab:5.4.1:::::::*
	cpe:2.3:a:gitlab:gitlab:5.4.2:::::::*
	cpe:2.3:a:gitlab:gitlab:6.0.0:::::::*
	cpe:2.3:a:gitlab:gitlab:6.1.0:::::::*
	cpe:2.3:a:gitlab:gitlab:6.2.0:::::::*
	cpe:2.3:a:gitlab:gitlab:6.2.1:::::::*
	cpe:2.3:a:gitlab:gitlab:6.2.2:::::::*
	cpe:2.3:a:gitlab:gitlab-shell::::::::
	cpe:2.3:a:gitlab:gitlab-shell:1.0.4:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.1.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.2.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.3.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.4.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.5.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.6.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.7.0:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.7.1:::::::*
	cpe:2.3:a:gitlab:gitlab-shell:1.7.2:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2013/11/11/2
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-13T15:00:00

Updated: 2024-08-06T16:45:15.033Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4546

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-13T15:55:04.437

Modified: 2014-05-14T17:07:38.267

Link: CVE-2013-4546

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-13T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"}, {"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4546", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/", "refsource": "CONFIRM", "url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"}, {"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"}, {"name": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:15.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"}, {"name": "[oss-security] 20131111 Security vulnerability in gitlab-shell (CVE-2013-4546)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4546", "datePublished": "2014-05-13T15:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:15.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DA23AF5-81E7-4D04-A224-DF823772EC06", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A780E86-D049-4C46-8481-2E55E974649C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "960E66D9-2E5B-460A-A262-88FF1CE60750", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D61A37D-1A91-4C85-9737-E54670401FC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "81CB5B34-09DE-4589-824C-97A6D696BD43", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9C5A188-6B92-46A2-9345-386F90BE362C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6AE14E03-7043-486E-834E-54E39CA3341B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0BCBC68-555F-4295-8E15-A4127702AAB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E82B301E-25BD-4438-9696-DF3E290F32B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDD0A408-7007-4655-A159-12472E4A779E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A46F6D6-411B-428A-ACD4-01707433DA88", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE2BA4DB-3D3E-4DB2-A35C-52B89D357606", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*", "matchCriteriaId": "362C206A-3DF6-40BB-9534-06E19E62D2B9", "versionEndIncluding": "1.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5468E7D1-96FD-4BCC-B35F-20B8A045CEBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C66C8DB-919E-4D42-A8FB-2F1C08F19EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "989A3DDF-A7A8-4CA8-844C-12A5A7150866", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9693E73-B622-496C-8427-D8E3F8DA9DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC8F0260-C2EE-4DFB-B368-B55EB4A6FA93", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98BB99C5-45C7-4982-A5C7-10319B2FCBCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E186CC7F-1C1F-41CB-88DB-B8DDE36EB7B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "46778FDB-4863-451A-88C0-0C38D14C623D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2E2DA5C-61BB-4218-8FDA-57AC3C9C0172", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab-shell:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C54EB6D2-4AAA-4567-B078-AE91317BF083", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL."}, {"lang": "es", "value": "La funcionalidad de importaci\u00f3n de repositorios en gitlab-shell anterior a 1.7.4, utilizado en GitLab, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de la URL de importaci\u00f3n."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "id": "CVE-2013-4546", "lastModified": "2014-05-14T17:07:38.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-13T15:55:04.437", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/11/11/2"}, {"source": "secalert@redhat.com", "url": "https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}