CVE-2013-4546 : The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, a

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.

Published 2014-05-13 15:55:04

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-4546

Gitlab » Gitlab » Version: 6.0.0
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 6.2.0
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.2.0
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.0.1
cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 6.2.1
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 6.2.2
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.4.0
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.3.0
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 6.1.0
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.1.0
cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.0.0
cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.4.1
cpe:2.3:a:gitlab:gitlab:5.4.1:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab » Version: 5.4.2
cpe:2.3:a:gitlab:gitlab:5.4.2:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell
Versions up to, including, (<=) 1.7.3
cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.4.0
cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.2.0
cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.7.1
cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.7.0
cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.6.0
cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.5.0
cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.0.4
cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.3.0
cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.1.0
cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*
Matching versions
Gitlab » Gitlab-shell » Version: 1.7.2
cpe:2.3:a:gitlab:gitlab-shell:1.7.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4546

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2013-4546

http://www.openwall.com/lists/oss-security/2013/11/11/2

oss-security - Security vulnerability in gitlab-shell (CVE-2013-4546)
https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/

Sign in · GitLab
Patch;Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG

CHANGELOG · master · GitLab.org / gitlab-shell · GitLab

Jump to

Vulnerability Details : CVE-2013-4546

Products affected by CVE-2013-4546

Exploit prediction scoring system (EPSS) score for CVE-2013-4546

CVSS scores for CVE-2013-4546

References for CVE-2013-4546