CVEs-PoC/2013/CVE-2013-4582.md

### [CVE-2013-4582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4582)
![](https://img.shields.io/static/v1?label=Product&message=GitLab%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GitLab%20Enterprise%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=gitlab-shell&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%20before%205.4.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%201.7.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%206.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=before%206.2.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Disclosure&color=brightgreen)

### Description

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

### POC

#### Reference
- https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/

#### Github
No PoCs found on GitHub currently.