Published: 12/09/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Gitolite prior to 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitolite gitolite

Debian Bug report logs - #908699 gitolite3: CVE-2018-16976: prevent access to repos which are in the process of being migrated Package: src:gitolite3; Maintainer for src:gitolite3 is David Bremner <bremner@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 12 Sep 2018 19:54:01 UTC Severity: ...

Gitolite before 369 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed This can allow valid users to obtain unintended access See: nvdnistgov/vuln/detail/CVE-2018-16976 ...

CWE-362 https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59 https://bugs.debian.org/908699 https://groups.google.com/forum/#%21topic/gitolite-announce/WrwDTYdbfRg https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908699 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2018-1092.html

CVE-2018-16976

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect