The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
CVSS v2.0 Score
6.5
/ 10.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Information
- Published
- 13 mai 2014
- Updated
- 12 avr. 2025
- Status
- Deferred
- Source
- secalert@redhat.com
Affected products
gitlab gitlab
Versions : 5.0.0, 5.0.1, 5.1.0, 5.2.0, 5.3.0
gitlab gitlab-shell
Versions : 1.7.2, 1.0.4, 1.1.0, 1.2.0, 1.3.0
Weaknesses (CWE)
NVD-CWE-Other
References (2)
- https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/PatchVendor Advisory
- https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/PatchVendor Advisory
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.