📦

gitlab-shell

Vendor: gitlab

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 3 Remote Access

Total CVEs 11 Total Indexed

Avg. EPSS 10.31% Exploit Prob.

Latest CVE CVE-2013-4583 Jan 28

Security Vulnerability Index

Page 1 / 2

8.8 CVSS

CVE-2013-4583

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

EPSS: 0.30%

Severity: HIGH

Jan 28, 2020

6.5 CVSS

CVE-2013-4582

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

EPSS: 0.17%

Severity: MEDIUM

Jan 28, 2020

6.5 CVSS

CVE-2013-4546

RCE

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

EPSS: 0.22%

Severity: MEDIUM

May 13, 2014

6.5 CVSS

CVE-2013-4490

RCE Exploit Found

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

EPSS: 49.78%

Severity: MEDIUM

May 13, 2014

6.8 CVSS

CVE-2013-4581

RCE

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.

EPSS: 1.10%

Severity: MEDIUM

May 12, 2014

Displaying 5 of 11 Total Entries

1 2

Total 2 Sections