Vulnerability Description
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitolite | Gitolite | 3.0 |
| Sitaram Chamarty | Gitolite | 3.01 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/50896 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/10/10/1
- http://www.openwall.com/lists/oss-security/2012/10/10/2
- http://www.securityfocus.com/bid/55853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79130
- https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a
- https://groups.google.com/forum/#%21topic/gitolite/K9SnQNhCQ-0/discussion
FAQ
What is CVE-2012-4506?
CVE-2012-4506 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories a...
How severe is CVE-2012-4506?
CVE-2012-4506 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2012-4506?
Check the references section above for vendor advisories and patch information, including the linked gitolite commit. Affected products include: Gitolite (Gitolite) and Sitaram Chamarty (Gitolite).