Lucene search

CVE-2018-14912

🗓️ 03 Aug 2018 19:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 100 Views🌐 WEB

cgit_clone_objects directory traversal vulnerability in CGi

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 38
0day.today	cgit 1.2.1 - Directory Traversal Exploit	14 Aug 201800:00	–	zdt
Packet Storm	cgit cgit_clone_objects() Directory Traversal	6 Aug 201800:00	–	packetstorm
Packet Storm	cgit Directory Traversal	14 Aug 201800:00	–	packetstorm
OSV	OPENSUSE-SU-2024:10679-1 cgit-1.2.3-1.10 on GA media	15 Jun 202400:00	–	osv
OSV	cgit - security update	4 Aug 201800:00	–	osv
OSV	CVE-2018-14912	3 Aug 201819:29	–	osv
OSV	cgit - security update	6 Aug 201800:00	–	osv
OpenVAS	openSUSE: Security Advisory for cgit (openSUSE-SU-2018:2313-1)	14 Aug 201800:00	–	openvas
OpenVAS	Debian: Security Advisory (DLA-1459-1)	9 Aug 201800:00	–	openvas
OpenVAS	Debian: Security Advisory (DSA-4263-1)	3 Aug 201800:00	–	openvas

Nvd

Node

cgit_project cgitRange<1.2.1

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Source	Link
bugs	www.bugs.chromium.org/p/project-zero/issues/detail
lists	www.lists.debian.org/debian-lts-announce/2018/08/msg00005.html
exploit-db	www.exploit-db.com/exploits/45195/
debian	www.debian.org/security/2018/dsa-4263
lists	www.lists.zx2c4.com/pipermail/cgit/2018-August/004176.html

Parameter	Position	Path	Description	CWE
path	query param	/cgit/cgit.cgi/git/objects/	Directory traversal vulnerability in cgit_clone_objects() allowing access to arbitrary files.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Aug 2018 19:29Current

7.3High risk

Vulners AI Score7.3

CVSS25

CVSS37.5

EPSS0.91377

CWE-22