Vulnerabilities > Gitolite

DATE CVE VULNERABILITY TITLE RISK
2019-11-07 CVE-2010-2447 Improper Input Validation vulnerability in Gitolite
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
network
low complexity
gitolite CWE-20
critical
9.8
2019-01-10 CVE-2018-20683 Improper Input Validation vulnerability in Gitolite
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
network
high complexity
gitolite CWE-20
8.1
2018-09-21 CVE-2013-7203 Information Exposure vulnerability in Gitolite
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
local
low complexity
gitolite CWE-200
5.5
2018-09-21 CVE-2013-4451 Permissions, Privileges, and Access Controls vulnerability in Gitolite
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
network
low complexity
gitolite CWE-264
critical
9.8
2018-09-12 CVE-2018-16976 Race Condition vulnerability in Gitolite
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed.
network
low complexity
gitolite CWE-362
8.1