Vulnerability Details : CVE-2012-4548
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
Exploit prediction scoring system (EPSS) score for CVE-2012-4548
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 %
CVSS scores for CVE-2012-4548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST |
References for CVE-2012-4548
- http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
  cgit - A hyperfast web frontend for git repositories written in C.
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79665
  cgit syntax-highlighting.sh command execution CVE-2012-4548 Vulnerability Report
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html
  [security-announce] openSUSE-SU-2012:1422-1: important: update for cgit
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html
  [security-announce] openSUSE-SU-2012:1461-1: important: update for cgit
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html
  [security-announce] openSUSE-SU-2012:1421-1: important: update for cgit
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html
  [security-announce] openSUSE-SU-2012:1460-1: important: update for cgit
- http://www.openwall.com/lists/oss-security/2012/10/28/2
  oss-security - Re: CVE Request: cgit command injection
- http://www.openwall.com/lists/oss-security/2012/10/28/1
  oss-security - CVE Request: cgit command injection
- http://www.securityfocus.com/bid/56315
  cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=870713
  870713 – (CVE-2012-4548) CVE-2012-4548 cgit: syntax-highlighting.sh command injection
Products affected by CVE-2012-4548
- cpe:2.3:a:lars_hjemli:cgit:*:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:lars_hjemli:cgit:0.9.0.2:*:*:*:*:*:*:*