Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2019-11-12 | 7.5 HIGH | 9.8 CRITICAL |
gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | |||||
CVE-2018-16976 | 1 Gitolite | 1 Gitolite | 2019-10-02 | 5.5 MEDIUM | 8.1 HIGH |
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. | |||||
CVE-2011-1572 | 1 Gitolite | 1 Gitolite | 2019-09-09 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. | |||||
CVE-2012-4506 | 2 Gitolite, Sitaram Chamarty | 2 Gitolite, Gitolite | 2019-09-09 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | |||||
CVE-2018-20683 | 1 Gitolite | 1 Gitolite | 2019-02-15 | 6.8 MEDIUM | 8.1 HIGH |
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | |||||
CVE-2013-4451 | 1 Gitolite | 1 Gitolite | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | |||||
CVE-2013-7203 | 1 Gitolite | 1 Gitolite | 2018-11-19 | 2.1 LOW | 5.5 MEDIUM |
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. |