CVE-2011-1572

critical

Description

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

References

https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc

https://exchange.xforce.ibmcloud.com/vulnerabilities/65542

https://bugzilla.redhat.com/show_bug.cgi?id=695568

http://www.securityfocus.com/bid/46473

http://www.debian.org/security/2011/dsa-2215

http://seclists.org/oss-sec/2011/q2/209

http://seclists.org/oss-sec/2011/q2/197

http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1

Details

Source: Mitre, NVD

Published: 2011-10-04

Updated: 2019-09-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics