Vulnerability Details : CVE-2011-1572
Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.
Vulnerability category: Directory traversal
Products affected by CVE-2011-1572
- cpe:2.3:a:gitolite:gitolite:*:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gitolite:gitolite:1.5.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1572
1.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1572
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-1572
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1572
-
http://www.securityfocus.com/bid/46473
Gitolite 'ADC' Security Bypass VulnerabilityPatch
-
http://seclists.org/oss-sec/2011/q2/209
oss-sec: Re: CVE id request: gitolitePatch
-
https://bugzilla.redhat.com/show_bug.cgi?id=695568
695568 – (CVE-2011-1572) CVE-2011-1572 gitolite: arbitrary command execution flaw with optional admin-defined command featurePatch
-
http://www.debian.org/security/2011/dsa-2215
Debian -- Security Information -- DSA-2215-1 gitolite
-
http://groups.google.com/group/gitolite/browse_thread/thread/797a93ec26e1dcbc?pli=1
Google Groepen
-
https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
security fix for optional ADC (admin-defined command) feature · sitaramc/gitolite@4ce00ae · GitHubPatch
-
http://seclists.org/oss-sec/2011/q2/197
oss-sec: CVE id request: gitolitePatch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65542
gitolite admin-defined commands security bypass CVE-2011-1572 Vulnerability Report
Jump to