Vulnerabilities > Gitolite

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2019-11-07 | CVE-2010-2447 | Improper Input Validation vulnerability in Gitolite | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | network | low complexity | gitolite CWE-20 | 7.5 |
| 2019-01-10 | CVE-2018-20683 | Improper Input Validation vulnerability in Gitolite | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | network | high complexity | gitolite CWE-20 | 8.1 |
| 2018-09-21 | CVE-2013-7203 | Information Exposure vulnerability in Gitolite | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | local | low complexity | gitolite CWE-200 | 2.1 |
| 2018-09-21 | CVE-2013-4451 | Permissions, Privileges, and Access Controls vulnerability in Gitolite | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | network | low complexity | gitolite CWE-264 | critical 9.8 |
| 2018-09-12 | CVE-2018-16976 | Race Condition vulnerability in Gitolite | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. | network | low complexity | gitolite CWE-362 | 8.1 |
| 2011-10-04 | CVE-2011-1572 | Path Traversal vulnerability in Gitolite | Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. | network | | gitolite CWE-22 | 6.8 |