A new attack vector discovered relies on the fact that an attacker can remotely trigger a download of a malicious script via repository clone operation. And that such script can imitate the behavior of git/hg/p4 commands, thus bypassing the security checks present on the administration page.