Description
A security issue has been reported in gitolite, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused by an error when handling certain actions and can be exploited, for example, to perform actions with the privileges of the gitolite server via directory traversal attacks.
Successful exploitation requires that wildcard repositories are in use and that patterns able to match the "../" string are allowed.
The security issue is reported in version 3.x.
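
A minimal model of the condition described above, as an added example (not gitolite's own code): a wildcard pattern permissive enough to match "../", next to a name check that runs before any pattern match. The pattern, base directory, function names and sample repository names are constructed assumptions.

```python
import posixpath
import re

# Constructed wildcard pattern: the trailing ".*" also matches "../" sequences.
WILD_PATTERNS = [r"users/[a-z]+/.*"]
# Hypothetical repository base directory, used only for the containment check.
REPO_BASE = "/srv/git/repositories"
# Constructed sample of requested repository names.
REQUESTED = [
    "users/alice/project",
    "users/alice/../../outside",
    "users/bob/a/../b",
    "other/repo",
]

def matches_wild(name, patterns=WILD_PATTERNS):
    """Pattern match alone: models the risky setup, with no name validation."""
    return any(re.fullmatch(p, name) for p in patterns)

def has_traversal(name):
    """True if any path component could step outside the intended directory."""
    if name.startswith("/") or "\\" in name or "\0" in name:
        return True
    return any(part in ("", ".", "..") for part in name.split("/"))

def inside_base(name, base=REPO_BASE):
    """Defence in depth: the normalised path must stay under the base."""
    resolved = posixpath.normpath(posixpath.join(base, name))
    return resolved.startswith(base + "/")

def authorize(name, patterns=WILD_PATTERNS):
    """Hardened order: validate the name first, then consult the patterns."""
    if has_traversal(name) or not inside_base(name):
        return False
    return matches_wild(name, patterns)

def audit(requested, patterns=WILD_PATTERNS):
    """Names a pattern accepts but the validation rejects (worth reviewing)."""
    return [n for n in requested
            if matches_wild(n, patterns) and not authorize(n, patterns)]

if __name__ == "__main__":
    for flagged in audit(REQUESTED):
        print("pattern accepts traversal name:", flagged)
```

Note that "users/alice/../../outside" still normalises to a path under the base directory, so the per-component check is what catches it; the containment check alone would not.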
Vulnerable Products
Vulnerable Software: gitolite 3.x
Solution
Fixed in the source code repository.
CVE
CVE-2012-4506
References
https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion[1-25]
Vulnerability Manager Detection
No
IPS Protection