First published: Tue Jan 28 2020(Updated: )
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=5.0.0<5.4.2 | |
GitLab GitLab | >=6.0.0<6.2.1 | |
GitLab GitLab | >=6.0.0<6.2.4 | |
Gitlab Gitlab-shell | <1.7.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.