Gitblit Security Vulnerabilities and Issues — Gitblit CVE List

Lucene search

GitblitGitblit

4 matches found

CVE•added 2022/05/21 9:15 p.m.•110 views

CVE-2022-31268

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

7.5CVSS7.3AI score0.75375EPSS

CVE•added 2022/05/21 9:15 p.m.•61 views

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.

9.8CVSS9.6AI score0.02704EPSS

CVE•added 2025/08/27 5:15 p.m.•7 views

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute Jav...

6.1CVSS6.4AI score0.00029EPSS

CVE•added 2025/08/27 4:15 p.m.•6 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

6.1CVSS5.5AI score0.0003EPSS