CVE-2020-24614
Published: Aug 25, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://www.openwall.com/lists/oss-security/2020/08/20/1 (x_refsource_MISC)
https://fossil-scm.org/forum/info/a05ae3ce7760daf6 (x_refsource_MISC)
[oss-security] 20200825 Re: Fossil-SCM patch fixes RCE in all historic versions (mailing-list, x_refsource_MLIST)
https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w (x_refsource_CONFIRM)
openSUSE-SU-2020:1478 (vendor-advisory, x_refsource_SUSE)
GLSA-202011-04 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2020-50be892d25 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-ac6cf99f87 (vendor-advisory, x_refsource_FEDORA)