Full title: Gitlab-shell Code Execution Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an account valid credentials are required to exploit this vulnerability.

# 0day.today @ http://0day.today/