Vulnerabilities > Gitlab > Gitlab > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-13 | CVE-2013-4490 | Remote Code Execution vulnerability in GitLab 'SSH key upload' Feature The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. | 6.5 |
2014-05-12 | CVE-2013-4581 | Code Injection vulnerability in Gitlab and Gitlab-Shell GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | 6.8 |
2014-05-12 | CVE-2013-4580 | Improper Authentication vulnerability in Gitlab GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | 6.8 |
2014-01-24 | CVE-2013-7316 | Cross-Site Scripting vulnerability in Gitlab 6.0.0 Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html. | 4.3 |