Summary

Vendor            : Gitolite
Product           : Gitolite
Version           : 1.5.5
Update            : *
Edition           : *
Language          : *
Software Edition  : *
Target Software   : *
Target Hardware   : *
Other             : *

Detail

First view        : 2011-10-04
Last view         : 2019-01-09
Type              : Application

CPE Product       : cpe:2.3:a:gitolite:gitolite

Activity : Overall

Related : CVE

Score Date Alert Description
8.1 2019-01-09 CVE-2018-20683

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.

5.5 2018-09-21 CVE-2013-7203

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

9.8 2018-09-21 CVE-2013-4451

gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.

8.1 2018-09-12 CVE-2018-16976

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.

6.8 2011-10-04 CVE-2011-1572

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

CWE : Common Weakness Enumeration

% (count) Id Name
20% (1) CWE-362 Race Condition
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-200 Information Exposure
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
20% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

Id Description
72538 gitolite Admin-Defined Commands (ADC) Traversal Arbitrary Command Execution

OpenVAS Exploits

Date Description
2011-05-12 Name : Debian Security Advisory DSA 2215-1 (gitolite)
File : nvt/deb_2215_1.nasl

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d0bac4ff3b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-dc060c6f2a.nasl - Type: ACT_GATHER_INFO
2018-10-19 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1092.nasl - Type: ACT_GATHER_INFO
2018-09-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7993dea41b.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-01-05 Name: The remote Fedora host is missing a security update.
File: fedora_2013-23951.nasl - Type: ACT_GATHER_INFO
2014-01-05 Name: The remote Fedora host is missing a security update.
File: fedora_2013-23953.nasl - Type: ACT_GATHER_INFO