36 matches found
CVE-2022-31268
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
Privilege escalation
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'email protected\n\trole = "admin"' value...
Path traversal
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
CVE-2022-31267
CVE-2022-31267 affects Gitblit 1.9.2. The issue is privilege escalation via the Config User Service: a control character (for example, in an emailAddress field with a newline/tab) can be interpreted to set role = "#admin". NVD cites CVSSv2/3.1 base scores of 7.5 (HIGH) and 9.8 (CRITICAL). Rationa...
CVE-2022-31268
CVE-2022-31268 affects Gitblit 1.9.3 via a path traversal / local file inclusion flaw exposed at the path /resources//../ (e.g., followed by WEB-INF or META-INF). The incident enables reading website files on the server. Public sources in connected documents also describe risk of unauthorized fi...
Gitblit Path Traversal Vulnerability
Gitblit is an open source, pure Java Git solution from Gitblit for managing, viewing and provisioning Git repositories. A security vulnerability exists in Gitblit version 1.9.3, which stems from a path traversal issue. An attacker exploiting this vulnerability could read website files...
Gitblit Security Vulnerability
Gitblit is an open source, pure Java Git solution from Gitblit for managing, viewing and provisioning Git repositories. A security vulnerability exists in Gitblit version 1.9.2, which can be exploited by an attacker to elevate privileges by configuring user services...
com.gitblit.fathom:fathom-integration-test (>=0.5.0 <=1.0.1), com.gitblit.fathom:fathom-mailer (>=0.5.0 <=1.0.1) +72 more potentially affected by CVE-2018-20059 via ro.pippo:pippo-core (>=0.10.0 <=1.11.0)
ro.pippo:pippo-core MAVEN version =0.10.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.2, =0.8.1, =0.8.4, =0.8.0, =0.8.0, =0.2.3, =0.4.0, =0.4.0, =1.11.0 and more Source cves: CVE-2018-20059 Source advisory: OSV:GHSA-RMM5-G63H-M6G9...
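Gitblit External Authentication Providers Unspecified Authentication Bypass Vulnerability
Bugtraq ID: 66324 Gitblit is a pure Java library for managing, viewing and handling Git repositories. An error exists in Gitblit's External Authentication Providers that allows an attacker who has a valid username to exploit the vulnerability to bypass authentication and perform unauthorized operations. 0 Gitblit 1.x Gitblit 1.4.1 has fixed this vulnerability; users are advised to download the update: http://gitblit.com...
Gitblit Source Code Repository Authentication Bypass Vulnerability
Gitblit is a pure Java library for managing, viewing and handling Git repositories. Gitblit has an authentication bypass issue: a remote attacker can exploit the vulnerability to clone source code repositories using illegitimately forged login credentials. Gitblit 0.6.9 Vendor solution: Gitblit 0.7 has fixed this vulnerability; users are advised to download and use it: http://gitblit.com/...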