Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gitolite 目录遍历漏洞
Vulnerability Description
Gitolite是Sitaram Chamarty程序员所研发的一套基于Perl语言的Git服务管理工具。该工具使用公钥对用户进行认证,并支持通过配置文件对写操作进行基于分支和路径的授权。 Gitolite 3.1之前的3.x版本中存在目录遍历漏洞,可被恶意攻击利用绕过某些安全限制。该漏洞源于处理某些操作时存在错误,攻击者可利用该漏洞通过目录遍历攻击以gitolite服务器特权,执行操作。成功的利用需要使用所有卡片存储库并允许匹配‘../’字符串模式。
CVSS Information
N/A
Vulnerability Type
N/A