gitolite 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and vendor risk input validation などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2010-2447 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | [email protected] | 9.8 | 0.51% | 2019-11-07 | 2024-11-21 |
| CVE-2018-20683 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | [email protected] | 8.1 | 0.50% | 2019-01-10 | 2024-11-21 |
| CVE-2013-7203 | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | [email protected] | 5.5 | 0.08% | 2018-09-21 | 2024-11-21 |
| CVE-2013-4451 | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | [email protected] | 9.8 | 1.32% | 2018-09-21 | 2024-11-21 |
| CVE-2018-16976 | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. | [email protected] | 8.1 | 0.25% | 2018-09-12 | 2024-11-21 |
| CVE-2012-4506 | Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | [email protected] | 4.6 | 0.77% | 2012-10-22 | 2026-04-29 |
| CVE-2011-1572 | Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. | [email protected] | 6.8 | 0.59% | 2011-10-04 | 2026-04-29 |