Input validation error in GitLab Community Edition - CVE-2013-4489
Published: May 17, 2014 / Updated: August 10, 2020
GitLab Community Edition
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. Reference: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", http://cwe.mitre.org/data/definitions/77.html