Описание
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Комментарий
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.2 (включая)
Одно из
cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.48021
Средний
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 11 лет назад
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...
github
около 3 лет назад
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
EPSS
Процентиль: 98%
0.48021
Средний
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other