Lucene search

[email protected]CVE-2014-4511

HistoryJul 22, 2014 - 2:55 p.m.

CVE-2014-4511

2014-07-2214:55:09

[email protected]

web.nvd.nist.gov

gitlist

cve-2014-4511

remote code execution

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

JSON

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

Affected configurations

NVD

Node

gitlistgitlistRange≤0.4.0

gitlistgitlistMatch0.1

gitlistgitlistMatch0.2

gitlistgitlistMatch0.3

CPENameOperatorVersion
gitlist:gitlistgitlistle0.4.0
gitlist:gitlistgitlisteq0.1
gitlist:gitlistgitlisteq0.2
gitlist:gitlistgitlisteq0.3

CPE	Name	Operator	Version
gitlist:gitlist	gitlist	le	0.4.0
gitlist:gitlist	gitlist	eq	0.1
gitlist:gitlist	gitlist	eq	0.2
gitlist:gitlist	gitlist	eq	0.3

References

hatriot.github.io/blog/2014/06/29/gitlist-rce/

packetstormsecurity.com/files/127281/Gitlist-0.4.0-Remote-Code-Execution.html

packetstormsecurity.com/files/127364/Gitlist-Unauthenticated-Remote-Command-Execution.html

www.exploit-db.com/exploits/33929

www.exploit-db.com/exploits/33990

groups.google.com/forum/#%21topic/gitlist/Hw_KdZfA4js

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.965 High

EPSS

Percentile

99.6%

JSON

Related for CVE-2014-4511

zdt2 saint4 seebug1 prion1 packetstorm2 openvas1 cvelist1 nvd1 exploitpack2 checkpoint_advisories1 exploitdb1