cgit "url" File Disclosure Vulnerability


Description   A vulnerability has been reported in cgit, which can be exploited by malicious people to disclose certain sensitive information.
Input passed via the "url" GET parameter to / is not verified before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences.
Successful exploitation requires cgit to be configured to use a readme file from the file system (configured to use a readme from a git repository by default).
     
Vulnerable Products   Vulnerable Software:
cgit 0.x
     
Solution   Update to version 0.9.2.
     
CVE   CVE-2013-2117
     
References   cgit:
http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html
http://www.openwall.com/lists/oss-security/2013/05/25/3
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2013-05-27 

 Target Type 
Server 

 Possible exploit 
Remote