20 matches found
CVE-2026-27775
Summary: CVE-2026-27775 affects Gitea 1.25.5, where a branch-specific write-permission result is cached across multiple refs in a single pre-receive hook session. This permits a per-branch maintainer-edit grant to be reused on other refs, potentially escalating to full repository write access. Im...
CVE-2026-27775
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-45408
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...
EUVD-2026-39801
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...
CVE-2026-45408
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc...
CVE-2026-45408
CVE-2026-45408 affects Dokku, a docker-powered PaaS. Before 0.38.2, the app name validation regex allows shell metacharacters, and when an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (...
CVE-2026-45408 Dokku: OS Command Injection via App Name in Git Pre-Receive Hook
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...
PT-2026-52853
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description An issue exists where the app name validation regex permits shell metacharacters. An authenticated user can exploit this by pushing to a git remote using a crafted app name. This name is embedded...
GHSA-MM7C-RHG6-QR4R Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...
Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...
PT-2026-50136
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass allows any authenticated low-privilege user with read access to a repository to push arbitrary commits directly to that repository, bypassing write-access checks. This...
CVE-2025-11578
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-11578
CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...
CVE-2025-3509
CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...
PT-2025-17246 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18 Description: A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionalit...
openSUSE Security Update : gitolite (openSUSE-2019-754)
This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains : -...
openSUSE: Security Advisory for gitolite (openSUSE-SU-2018:3035-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for gitolite (moderate)
This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...