First published: Tue May 13 2014(Updated: )
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | =5.0.0 | |
GitLab GitLab | =5.0.1 | |
GitLab GitLab | =5.1.0 | |
GitLab GitLab | =5.2.0 | |
GitLab GitLab | =5.3.0 | |
GitLab GitLab | =5.4.0 | |
GitLab GitLab | =6.0.0 | |
GitLab GitLab | =6.1.0 | |
GitLab GitLab | =6.2.0 | |
GitLab GitLab | =6.2.1 | |
GitLab GitLab | =6.2.2 | |
Gitlab Gitlab-shell | <=1.7.2 | |
Gitlab Gitlab-shell | =1.0.4 | |
Gitlab Gitlab-shell | =1.1.0 | |
Gitlab Gitlab-shell | =1.2.0 | |
Gitlab Gitlab-shell | =1.3.0 | |
Gitlab Gitlab-shell | =1.4.0 | |
Gitlab Gitlab-shell | =1.5.0 | |
Gitlab Gitlab-shell | =1.6.0 | |
Gitlab Gitlab-shell | =1.7.0 | |
Gitlab Gitlab-shell | =1.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.