Summary
Detail | Value | Detail | Value
---|---|---|---
Vendor | Gitolite | First view | 2011-10-04
Product | Gitolite | Last view | 2019-11-07
Version | | Type | Application
Update | | |
Edition | | |
Language | | |
Software Edition | | |
Target Software | | |
Target Hardware | | |
Other | | |
[Charts not reproduced: Activity (overall); Common Platform Enumeration, repartition per version]
Related : CVE
CVSS | Date | CVE | Description
---|---|---|---
9.8 | 2019-11-07 | CVE-2010-2447 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |
8.1 | 2019-01-09 | CVE-2018-20683 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. |
5.5 | 2018-09-21 | CVE-2013-7203 | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. |
9.8 | 2018-09-21 | CVE-2013-4451 | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. |
8.1 | 2018-09-12 | CVE-2018-16976 | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. |
4.6 | 2012-10-22 | CVE-2012-4506 | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. |
6.8 | 2011-10-04 | CVE-2011-1572 | Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. |
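The traversal and option-handling entries in the table above share one pattern: a client-supplied string reaches a filesystem path or a command line without being checked against an allow-list. The Python below is an added illustration of the checks a server-side wrapper would apply; it is not Gitolite's own code (Gitolite is written in Perl), and the function names, the accepted repository-name character set and the constructed sample files are assumptions. It rejects repository names containing ".." components (the vector in CVE-2012-4506 and CVE-2011-1572), accepts only the -v, -n, -q and -P rsync options named in the CVE-2018-20683 entry, and flags world-writable paths like the three listed for CVE-2013-4451.

```python
import os
import re
import stat
import tempfile

# Only these rsync options are accepted; every other option token is rejected.
# The set is the four options named in the CVE-2018-20683 entry. An allow-list
# is needed because rsync options such as -e/--rsh let the caller name an
# arbitrary program for rsync to execute.
RSYNC_ALLOWED_OPTS = {"-v", "-n", "-q", "-P"}

# Assumed character set for a repository name: a leading alphanumeric, then
# alphanumerics, '.', '_', '@', '+', '-' and '/' as the path separator.
REPO_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._@+/-]*$")


def is_safe_repo_name(name):
    """Return True only if `name` cannot escape the repositories directory.

    Rejects names outside REPO_NAME_RE (which also covers absolute paths and a
    leading '..'), plus empty, '.' and '..' components anywhere in the name.
    """
    if not REPO_NAME_RE.match(name):
        return False
    return all(c not in ("", ".", "..") for c in name.split("/"))


def build_rsync_argv(client_args):
    """Build the argv a wrapper would exec, or (None, reason) on any bad token.

    Tokens starting with '-' must be in RSYNC_ALLOWED_OPTS; bundled forms such
    as '-vn' are rejected because they cannot be checked token by token. Every
    other token is treated as a repository path and must pass is_safe_repo_name.
    """
    argv = ["rsync"]
    for tok in client_args:
        if tok.startswith("-"):
            if tok not in RSYNC_ALLOWED_OPTS:
                return None, "rsync option not allowed: %s" % tok
        elif not is_safe_repo_name(tok):
            return None, "unsafe repository name: %s" % tok
        argv.append(tok)
    return argv, ""


def world_writable(paths):
    """Return the subset of `paths` whose mode has the other-write bit set."""
    return [p for p in paths if os.stat(p).st_mode & stat.S_IWOTH]


def make_demo_install(base=None):
    """Create a constructed, throw-away layout with the three paths named in
    CVE-2013-4451; one of them is deliberately world-writable. Returns the paths."""
    base = base or tempfile.mkdtemp(prefix="gitolite-demo-")
    rc = os.path.join(base, ".gitolite.rc")
    glt = os.path.join(base, ".gitolite")
    admin = os.path.join(base, "repositories", "gitolite-admin.git")
    os.makedirs(glt, exist_ok=True)
    os.makedirs(admin, exist_ok=True)
    with open(rc, "w") as fh:
        fh.write("# constructed sample rc file\n")
    os.chmod(rc, 0o644)
    os.chmod(glt, 0o755)
    os.chmod(admin, 0o777)  # the bad mode the check is meant to catch
    return [rc, glt, admin]


if __name__ == "__main__":
    for name in ("foo/bar", "foo/../bar", "../etc/passwd", "/etc/passwd"):
        print("%-16s safe=%s" % (name, is_safe_repo_name(name)))
    print(build_rsync_argv(["-v", "-n", "foo/bar"]))
    print(build_rsync_argv(["-v", "-e", "sh", "foo"]))
    print("world-writable:", world_writable(make_demo_install()))
```

A wrapper must refuse to run rsync at all when `build_rsync_argv` returns `None`; passing the accepted tokens and silently dropping the rejected one would still let a path argument that was meant for `-e` through. The permission check is a post-install audit, not a fix: the fresh-install modes have to be set correctly by the installer, as the CVE-2013-4451 and CVE-2013-7203 entries (world-writable paths, umask during setup) describe.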
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
28% (2) | CWE-20 | Improper Input Validation |
14% (1) | CWE-362 | Race Condition |
14% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
14% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
72538 | gitolite Admin-Defined Commands (ADC) Traversal Arbitrary Command Execution |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-22 | Name : FreeBSD Ports: gitolite File : nvt/freebsd_gitolite.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2215-1 (gitolite) File : nvt/deb_2215_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d0bac4ff3b.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-dc060c6f2a.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1092.nasl - Type: ACT_GATHER_INFO |
2018-09-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7993dea41b.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
2014-01-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-23951.nasl - Type: ACT_GATHER_INFO |
2014-01-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-23953.nasl - Type: ACT_GATHER_INFO |
2012-10-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_f94befcd128911e2a25e525400272390.nasl - Type: ACT_GATHER_INFO |