QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4506

Published: Oct 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/forum/#%21topic/gitolite/K9SnQNhCQ-0/discussion

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2

x_refsource_CONFIRM

[oss-security] 20121009 CVE Request: gitolite path traversal vulnerability

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20121009 Re: CVE Request: gitolite path traversal vulnerability

mailing-list

x_refsource_MLIST

gitolite-security-bypass(79130)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.