CVE-2013-4580
https://notcve.org/view.php?id=CVE-2013-4580
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. GitLab en versiones anteriores a 5.4.2, Community Edition en versiones anteriores a 6.2.4 y Enterprise Edition en versiones anteriores a 6.2.1, cuando se utiliza un backend MySQL, permite a atacantes remotos hacerse pasar por usuarios arbitrarios y eludir la autenticación a través de llamadas API no especificadas. • http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab • CWE-287: Improper Authentication •
CVE-2013-4581
https://notcve.org/view.php?id=CVE-2013-4581
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. GitLab 5.0 anterior a 5.4.2, Community Edition anterior a 6.2.4, Enterprise Edition anterior a 6.2.1 y gitlab-shell anterior a 1.7.8 permite a atacantes remotos ejecutar código arbitrario a través de un cambio manipulado que utiliza SSH. • http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-7316 – Gitlab 6.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7316
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html. Vulnerabilidad de XSS en GitLab 6.0 y otras versiones anteriores a 6.5.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de un archivo HTML manipulado, como es demostrado por README.html. • https://www.exploit-db.com/exploits/30329 http://www.exploit-db.com/exploits/30329 http://www.securityfocus.com/bid/64490 https://exchange.xforce.ibmcloud.com/vulnerabilities/89932 https://www.gitlab.com/2014/01/30/xss-vulnerability-in-gitlab • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •