CVE-2018-14912

Опубликовано: 03 авг. 2018

Источник: ubuntu

Приоритет: medium

EPSS Критический

CVSS2: 5

CVSS3: 7.5

Описание

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

Релиз	Статус	Примечание
bionic	released	1.1+git2.10.2-3ubuntu0.1
cosmic	not-affected	1.1+git2.10.2-3.1
devel	not-affected	1.1+git2.10.2-3.1
disco	not-affected	1.1+git2.10.2-3.1
eoan	not-affected	1.1+git2.10.2-3.1
esm-apps/bionic	released	1.1+git2.10.2-3ubuntu0.1
esm-apps/focal	not-affected	1.1+git2.10.2-3.1
esm-apps/jammy	not-affected	1.1+git2.10.2-3.1
esm-apps/noble	not-affected	1.1+git2.10.2-3.1
esm-apps/xenial	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%

0.91584

Критический

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2018-14912

CVSS3: 7.5

nvd

больше 7 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

CVE-2018-14912

CVSS3: 7.5

debian

больше 7 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vuln ...

openSUSE-SU-2018:2313-1

suse-cvrf

больше 7 лет назад

Security update for cgit

openSUSE-SU-2018:2308-1

suse-cvrf

больше 7 лет назад

Security update for cgit

GHSA-46c3-xc8j-9qg7

CVSS3: 7.5

github

больше 3 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

EPSS

Процентиль: 100%

0.91584

Критический

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2018-14912

Описание

Пакет cgit

Ссылки на источники

Связанные уязвимости