2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2013-4490" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2014-05-13T15:55:03.937" ,
2024-11-22 19:15:24 +00:00
"lastModified" : "2024-11-21T01:55:40.433" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key."
} ,
{
"lang" : "es" ,
"value" : "La funcionalidad de de subida de clave SSH (lib/gitlab_keys.rb) en gitlab-shell anterior a 1.7.3, utilizado en GitLab 5.0 anterior a 5.4.1 y 6.x anterior a 6.2.3, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en la clave p\u00fablica."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P" ,
2024-11-22 19:15:24 +00:00
"baseScore" : 6.5 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-11-22 19:15:24 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.0 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DA23AF5-81E7-4D04-A224-DF823772EC06"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A780E86-D049-4C46-8481-2E55E974649C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "960E66D9-2E5B-460A-A262-88FF1CE60750"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2D61A37D-1A91-4C85-9737-E54670401FC6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "81CB5B34-09DE-4589-824C-97A6D696BD43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9C5A188-6B92-46A2-9345-386F90BE362C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E82B301E-25BD-4438-9696-DF3E290F32B7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DDD0A408-7007-4655-A159-12472E4A779E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4A46F6D6-411B-428A-ACD4-01707433DA88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BE2BA4DB-3D3E-4DB2-A35C-52B89D357606"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.7.2" ,
"matchCriteriaId" : "C3797783-B30D-43D8-AAC6-91DB75ABFAC9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5468E7D1-96FD-4BCC-B35F-20B8A045CEBF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8C66C8DB-919E-4D42-A8FB-2F1C08F19EBC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "989A3DDF-A7A8-4CA8-844C-12A5A7150866"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9693E73-B622-496C-8427-D8E3F8DA9DD7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EC8F0260-C2EE-4DFB-B368-B55EB4A6FA93"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "98BB99C5-45C7-4982-A5C7-10319B2FCBCE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E186CC7F-1C1F-41CB-88DB-B8DDE36EB7B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "46778FDB-4863-451A-88C0-0C38D14C623D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E2E2DA5C-61BB-4218-8FDA-57AC3C9C0172"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2024-11-22 19:15:24 +00:00
} ,
{
"url" : "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
2024-11-22 19:15:24 +00:00
] ,
"evaluatorComment" : "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\""
2023-04-24 12:24:31 +02:00
}
