Strix
26.1K

CVE-2013-4580

UnknownEPSS 1.32%

Last modified

CVE-2013-4580 is a vulnerability of currently unknown severity. GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.

Description

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

Metrics

EPSS Probability
1.32%

67.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GitlabGitlab<= 5.4.1
GitlabGitlab0.8.0
GitlabGitlab0.9.1
GitlabGitlab0.9.4
GitlabGitlab0.9.6
GitlabGitlab1.0.0
GitlabGitlab1.0.1
GitlabGitlab1.0.2
GitlabGitlab1.1.0
GitlabGitlab1.2.0
GitlabGitlab1.2.1
GitlabGitlab1.2.2
GitlabGitlab2.0.0
GitlabGitlab2.1.0
GitlabGitlab2.2.0
GitlabGitlab2.3.0
GitlabGitlab2.3.1
GitlabGitlab2.4.0
GitlabGitlab2.5.0
GitlabGitlab2.6.0
GitlabGitlab2.7.0
GitlabGitlab2.8.0
GitlabGitlab2.8.1
GitlabGitlab2.9.0
GitlabGitlab2.9.1
GitlabGitlab3.0.0
GitlabGitlab3.0.1
GitlabGitlab3.0.2
GitlabGitlab3.0.3
GitlabGitlab3.1.0
GitlabGitlab4.0.0
GitlabGitlab4.1.0
GitlabGitlab4.2.0
GitlabGitlab5.0.0
GitlabGitlab5.0.1
GitlabGitlab5.1.0
GitlabGitlab5.2.0
GitlabGitlab5.3.0
GitlabGitlab5.4.0
GitlabGitlab<= 6.2.3
GitlabGitlab5.4.1
GitlabGitlab5.4.2
GitlabGitlab6.0.0
GitlabGitlab6.1.0
GitlabGitlab6.2.0
GitlabGitlab6.2.1
GitlabGitlab6.2.2
GitlabGitlab<= 6.2.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-4580?
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
How severe is CVE-2013-4580?
Severity scoring for CVE-2013-4580 is pending analysis. The EPSS model estimates a 1.32% probability of exploitation in the next 30 days.
How do I fix CVE-2013-4580?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-4580?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST