Vulnerability Details CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References