Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2012-4548
Last Modified: 10 Apr 2013 11:31:04
Published: 11 Nov 2012 08:00:54
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-4548

Summary

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

Vulnerable Systems

Application

  • Lars Hjemli Cgit 0.1

  • Lars Hjemli Cgit 0.2

  • Lars Hjemli Cgit 0.3

  • Lars Hjemli Cgit 0.4

  • Lars Hjemli Cgit 0.5

  • Lars Hjemli Cgit 0.6

  • Lars Hjemli Cgit 0.6.1

  • Lars Hjemli Cgit 0.6.2

  • Lars Hjemli Cgit 0.6.3

  • Lars Hjemli Cgit 0.7

  • Lars Hjemli Cgit 0.7.1

  • Lars Hjemli Cgit 0.7.2

  • Lars Hjemli Cgit 0.8

  • Lars Hjemli Cgit 0.8.1

  • Lars Hjemli Cgit 0.8.1.1

  • Lars Hjemli Cgit 0.8.2

  • Lars Hjemli Cgit 0.8.2.1

  • Lars Hjemli Cgit 0.8.2.2

  • Lars Hjemli Cgit 0.8.3

  • Lars Hjemli Cgit 0.8.3.1

  • Lars Hjemli Cgit 0.8.3.2

  • Lars Hjemli Cgit 0.8.3.3

  • Lars Hjemli Cgit 0.8.3.4

  • Lars Hjemli Cgit 0.8.3.5

  • Lars Hjemli Cgit 0.9

  • Lars Hjemli Cgit 0.9.0.1

  • Lars Hjemli Cgit 0.9.0.2

  • Lars Hjemli Cgit 0.9.0.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=870713

XF - cgit-syntaxhighlighting-command-exec(79665)

BID - 56315

MLIST - [oss-security] 20121028 Re: CVE Request: cgit command injection

MLIST - [oss-security] 20121027 CVE Request: cgit command injection

SECUNIA - 51167

SECUNIA - 50734

SUSE - openSUSE-SU-2012:1422

SUSE - openSUSE-SU-2012:1421

CONFIRM - http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd

SUSE - openSUSE-SU-2012:1461

SUSE - openSUSE-SU-2012:1460

SECUNIA - 51222


Last Updated: 27 May 2016 10:58:27