Vulnerability Details CVE-2013-4451
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/sitaramc/gitolite/commit/3dad4f8e3214d6ab5f71823019a624fa48b055a3
- https://groups.google.com/forum/#%21topic/gitolite/Tu1sjaf7A4A/discussion
- https://www.openwall.com/lists/oss-security/2013/10/21/11
- https://www.securityfocus.com/bid/63237
- https://github.com/sitaramc/gitolite/commit/3dad4f8e3214d6ab5f71823019a624fa48b055a3
- https://groups.google.com/forum/#%21topic/gitolite/Tu1sjaf7A4A/discussion
- https://www.openwall.com/lists/oss-security/2013/10/21/11
- https://www.securityfocus.com/bid/63237
Products affected by CVE-2013-4451
-
cpe:2.3:a:gitolite:gitolite:3.0
-
cpe:2.3:a:gitolite:gitolite:3.01
-
cpe:2.3:a:gitolite:gitolite:3.02
-
cpe:2.3:a:gitolite:gitolite:3.03
-
cpe:2.3:a:gitolite:gitolite:3.04
-
cpe:2.3:a:gitolite:gitolite:3.1
-
cpe:2.3:a:gitolite:gitolite:3.5
-
cpe:2.3:a:gitolite:gitolite:3.5.1
-
cpe:2.3:a:gitolite:gitolite:3.5.2
-
cpe:2.3:a:gitolite:gitolite:3.5.3