Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gitolite | First view | 2011-10-04 |
| Product | Gitolite | Last view | 2019-01-09 |
| Version | 1.5.5 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gitolite:gitolite | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.1 | 2019-01-09 | CVE-2018-20683 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. |
| 5.5 | 2018-09-21 | CVE-2013-7203 | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. |
| 9.8 | 2018-09-21 | CVE-2013-4451 | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. |
| 8.1 | 2018-09-12 | CVE-2018-16976 | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. |
| 6.8 | 2011-10-04 | CVE-2011-1572 | Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-362 | Race Condition |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-200 | Information Exposure |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 20% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 72538 | gitolite Admin-Defined Commands (ADC) Traversal Arbitrary Command Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-05-12 | Name : Debian Security Advisory DSA 2215-1 (gitolite) File : nvt/deb_2215_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d0bac4ff3b.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-dc060c6f2a.nasl - Type: ACT_GATHER_INFO |
| 2018-10-19 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1092.nasl - Type: ACT_GATHER_INFO |
| 2018-09-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7993dea41b.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |
| 2014-01-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-23951.nasl - Type: ACT_GATHER_INFO |
| 2014-01-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-23953.nasl - Type: ACT_GATHER_INFO |
