cve-2013-4489
Vulnerability from cvelistv5
Published
2014-05-17 20:00
Modified
2024-08-06 16:45
Severity
Summary
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
References
SourceURLTags
secalert@redhat.comhttps://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/Patch, Vendor Advisory
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:14.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-17T19:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/",
              "refsource": "CONFIRM",
              "url": "https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4489",
    "datePublished": "2014-05-17T20:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:14.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4489\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-05-17T20:55:02.087\",\"lastModified\":\"2014-05-19T16:38:35.793\",\"vulnStatus\":\"Analyzed\",\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/77.html\\n\\n\\\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\\\"\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.\"},{\"lang\":\"es\",\"value\":\"La gema Grit para Ruby, utilizado en GitLab 5.2 anterior a 5.4.1 y 6.x anterior a 6.2.3, permite a usuarios remotos autenticados ejecutar comandos arbitrarios, tal y como fue demostrado por el cuadro de b\u00fasqueda para la funcionalidad de b\u00fasqueda de c\u00f3digo de GitLab.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D61A37D-1A91-4C85-9737-E54670401FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81CB5B34-09DE-4589-824C-97A6D696BD43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9C5A188-6B92-46A2-9345-386F90BE362C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82B301E-25BD-4438-9696-DF3E290F32B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B36BD3-69FA-4A22-9377-E86B8E9DFF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD0A408-7007-4655-A159-12472E4A779E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A46F6D6-411B-428A-ACD4-01707433DA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE2BA4DB-3D3E-4DB2-A35C-52B89D357606\"}]}]}],\"references\":[{\"url\":\"https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.