4.6

CVE-2012-4506

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitoliteGitolite Version3.0
GitoliteGitolite Version3.02
GitoliteGitolite Version3.03
GitoliteGitolite Version3.04
Sitaram ChamartyGitolite Version3.01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.07% 0.789
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:N/AC:H/Au:S/C:P/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/50896
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/10/1
http://www.openwall.com/lists/oss-security/2012/10/10/2
http://www.securityfocus.com/bid/55853
https://exchange.xforce.ibmcloud.com/vulnerabilities/79130
https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
https://groups.google.com/forum/#%21topic/gitolite/K9SnQNhCQ-0/discussion