Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2012-4506
Last Modified: 23 Oct 2012 11:29:28
Published: 22 Oct 2012 07:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2012-4506

Summary

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.

Vulnerable Systems

Application

  • Sitaram Chamarty Gitolite 3.0

  • Sitaram Chamarty Gitolite 3.01

  • Sitaram Chamarty Gitolite 3.02

  • Sitaram Chamarty Gitolite 3.03

  • Sitaram Chamarty Gitolite 3.04


References

CONFIRM - https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion

CONFIRM - https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2

XF - gitolite-security-bypass(79130)

BID - 55853

MLIST - [oss-security] 20121009 Re: CVE Request: gitolite path traversal vulnerability

MLIST - [oss-security] 20121009 CVE Request: gitolite path traversal vulnerability

SECUNIA - 50896


Last Updated: 27 May 2016 10:51:46