### [CVE-2013-4583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4583)
![](https://img.shields.io/static/v1?label=Product&message=GitLab%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GitLab%20Enterprise%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=gitlab-shell&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%20before%205.4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%201.7.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%206.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%206.2.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal%20(Local%20File%20Inclusion)&color=brightgreen)

### Description

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.

### POC

#### Reference
- https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

#### Github
No PoCs found on GitHub currently.