6.8
CVE-2011-1572
- EPSS 2.92%
- Veröffentlicht 04.10.2011 10:55:09
- Zuletzt bearbeitet 16.06.2026 23:29:39
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.92% | 0.852 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1
http://seclists.org/oss-sec/2011/q2/197
http://seclists.org/oss-sec/2011/q2/209
http://www.debian.org/security/2011/dsa-2215
http://www.securityfocus.com/bid/46473
https://bugzilla.redhat.com/show_bug.cgi?id=695568
https://exchange.xforce.ibmcloud.com/vulnerabilities/65542
https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc