- Description: Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
- Source: secalert@redhat.com
- NVD status: Modified
CVSS 2.0
- Type: Primary
- Base score: 4.6
- Impact score: 6.4
- Exploitability score: 3.9
- Vector string: AV:N/AC:H/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score: Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitolite:gitolite:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05997028-392C-4287-995D-398C5EFF9F5E"
          },
          {
            "criteria": "cpe:2.3:a:gitolite:gitolite:3.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBCDE647-25DA-4238-81FD-6AFE0B23CE45"
          },
          {
            "criteria": "cpe:2.3:a:gitolite:gitolite:3.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE60C0B8-60FB-4DDA-A45E-A949049AFD92"
          },
          {
            "criteria": "cpe:2.3:a:gitolite:gitolite:3.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B181E8E-6533-43C2-98B4-71194B318E07"
          },
          {
            "criteria": "cpe:2.3:a:sitaram_chamarty:gitolite:3.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92A8D9B7-7EAE-486D-B41F-C092B4FA2552"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]