CVE-2013-4581

GitLab < 6.2.3 - Remote Code Execution via SSH

Title source: llm

Description

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/11/15/4

Patch, Vendor Advisory x_refsource_confirm

https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

Scores

EPSS 0.0110

EPSS Percentile 78.2%

Details

CWE

CWE-94

Status published

Products (45)

gitlab/gitlab 0.8.0 (2 CPE variants)

gitlab/gitlab 0.9.1 (2 CPE variants)

gitlab/gitlab 0.9.4 (2 CPE variants)

gitlab/gitlab 0.9.6 (2 CPE variants)

gitlab/gitlab 1.0.0 (2 CPE variants)

gitlab/gitlab 1.0.1

gitlab/gitlab 1.0.2

gitlab/gitlab 1.1.0

gitlab/gitlab 1.2.0

gitlab/gitlab 1.2.1

... and 35 more

Published May 12, 2014

Tracked Since Feb 18, 2026