The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
2014-05-13T15:55:04.437
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gitlab | gitlab | 5.0.0 | Yes |
| Application | gitlab | gitlab | 5.0.1 | Yes |
| Application | gitlab | gitlab | 5.1.0 | Yes |
| Application | gitlab | gitlab | 5.2.0 | Yes |
| Application | gitlab | gitlab | 5.3.0 | Yes |
| Application | gitlab | gitlab | 5.4.0 | Yes |
| Application | gitlab | gitlab | 5.4.1 | Yes |
| Application | gitlab | gitlab | 5.4.2 | Yes |
| Application | gitlab | gitlab | 6.0.0 | Yes |
| Application | gitlab | gitlab | 6.1.0 | Yes |
| Application | gitlab | gitlab | 6.2.0 | Yes |
| Application | gitlab | gitlab | 6.2.1 | Yes |
| Application | gitlab | gitlab | 6.2.2 | Yes |
| Application | gitlab | gitlab-shell | ≤ 1.7.3 | Yes |
| Application | gitlab | gitlab-shell | 1.0.4 | Yes |
| Application | gitlab | gitlab-shell | 1.1.0 | Yes |
| Application | gitlab | gitlab-shell | 1.2.0 | Yes |
| Application | gitlab | gitlab-shell | 1.3.0 | Yes |
| Application | gitlab | gitlab-shell | 1.4.0 | Yes |
| Application | gitlab | gitlab-shell | 1.5.0 | Yes |
| Application | gitlab | gitlab-shell | 1.6.0 | Yes |
| Application | gitlab | gitlab-shell | 1.7.0 | Yes |
| Application | gitlab | gitlab-shell | 1.7.1 | Yes |
| Application | gitlab | gitlab-shell | 1.7.2 | Yes |