Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gitlab gitlab 1.1.0 vulnerabilities and exploits

(subscribe to this query)
8.1
CVSSv3
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Gitlab GitlabGitlab Gitlab 16.4.0Hashicorp ConsulHashicorp Consul 1.1.0
NA
CVE-2013-4490
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell prior to 1.7.3, as used in GitLab 5.0 prior to 5.4.1 and 6.x prior to 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Gitlab Gitlab 6.0.0Gitlab Gitlab 6.2.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.0.1Gitlab Gitlab-shellGitlab Gitlab-shell 1.4.0Gitlab Gitlab-shell 1.2.0Gitlab Gitlab-shell 1.7.1Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.6.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2Gitlab Gitlab 5.4.0Gitlab Gitlab 5.3.0Gitlab Gitlab-shell 1.0.4Gitlab Gitlab 6.1.0Gitlab Gitlab 5.1.0Gitlab Gitlab 5.0.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab-shell 1.1.0
NA
CVE-2013-4581
GitLab 5.0 prior to 5.4.2, Community Edition prior to 6.2.4, Enterprise Edition prior to 6.2.1 and gitlab-shell prior to 1.7.8 allows remote malicious users to execute arbitrary code via a crafted change using SSH.
Gitlab Gitlab 3.1.0Gitlab Gitlab 3.0.3Gitlab Gitlab 3.0.2Gitlab Gitlab 3.0.1Gitlab Gitlab 2.1.0Gitlab Gitlab 2.0.0Gitlab Gitlab 1.2.2Gitlab Gitlab 1.2.1Gitlab Gitlab 1.2.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.0.0Gitlab Gitlab 5.4.1Gitlab Gitlab 5.0.1Gitlab Gitlab 4.2.0Gitlab Gitlab 4.0.0Gitlab Gitlab 3.0.0Gitlab Gitlab 2.9.0Gitlab Gitlab 2.3.1Gitlab Gitlab 2.2.0Gitlab Gitlab 1.0.2Gitlab Gitlab 1.0.0Gitlab Gitlab
NA
CVE-2013-4546
The repository import feature in gitlab-shell prior to 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
Gitlab Gitlab 6.0.0Gitlab Gitlab 5.1.0Gitlab Gitlab 5.3.0Gitlab Gitlab-shell 1.3.0Gitlab Gitlab-shell 1.5.0Gitlab Gitlab-shellGitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab-shell 1.0.4Gitlab Gitlab-shell 1.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1Gitlab Gitlab 6.2.2Gitlab Gitlab 5.0.0Gitlab Gitlab-shell 1.6.0Gitlab Gitlab-shell 1.7.0Gitlab Gitlab-shell 1.7.1Gitlab Gitlab-shell 1.7.2Gitlab Gitlab 6.1.0Gitlab Gitlab 5.0.1Gitlab Gitlab 5.2.0Gitlab Gitlab 5.4.0
NA
CVE-2013-4580
GitLab prior to 5.4.2, Community Edition prior to 6.2.4, and Enterprise Edition prior to 6.2.1, when using a MySQL backend, allows remote malicious users to impersonate arbitrary users and bypass authentication via unspecified API calls.
Gitlab GitlabGitlab Gitlab 3.0.1Gitlab Gitlab 3.0.0Gitlab Gitlab 2.9.1Gitlab Gitlab 2.9.0Gitlab Gitlab 1.2.0Gitlab Gitlab 1.1.0Gitlab Gitlab 1.0.2Gitlab Gitlab 1.0.1Gitlab Gitlab 5.3.0Gitlab Gitlab 5.1.0Gitlab Gitlab 4.0.0Gitlab Gitlab 3.0.3Gitlab Gitlab 2.8.0Gitlab Gitlab 2.6.0Gitlab Gitlab 2.0.0Gitlab Gitlab 1.2.1Gitlab Gitlab 1.0.0Gitlab Gitlab 0.9.4Gitlab Gitlab 5.0.1Gitlab Gitlab 5.0.0Gitlab Gitlab 4.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook