What is the severity of CVE-2012-4506?

CVE-2012-4506 has a high severity rating due to its potential for unauthorized access and repository creation.

How do I fix CVE-2012-4506?

To fix CVE-2012-4506, upgrade gitolite to version 3.1 or later where the vulnerability is patched.

Who is affected by CVE-2012-4506?

CVE-2012-4506 affects all versions of gitolite prior to 3.1, particularly those versions configured with wild card repositories.

Is there a workaround for CVE-2012-4506?

As a workaround for CVE-2012-4506, you can disable wild card repository support until the software is updated.

Vulnerability/
CVE-2012-4506

medium

4.6

CWE

22/10/2012

9/9/2019

CVE-2012-4506: Path Traversal

First published: Mon Oct 22 2012(Updated: )

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Gitolite	=3.0
Gitolite	=3.02
Gitolite	=3.03
Gitolite	=3.04
Gitolite	=3.01

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4506?
CVE-2012-4506 has a high severity rating due to its potential for unauthorized access and repository creation.
How do I fix CVE-2012-4506?
To fix CVE-2012-4506, upgrade gitolite to version 3.1 or later where the vulnerability is patched.
Who is affected by CVE-2012-4506?
CVE-2012-4506 affects all versions of gitolite prior to 3.1, particularly those versions configured with wild card repositories.
What can happen if CVE-2012-4506 is exploited?
Exploitation of CVE-2012-4506 can allow remote authenticated users to create arbitrary repositories that could lead to unauthorized actions.
Is there a workaround for CVE-2012-4506?
As a workaround for CVE-2012-4506, you can disable wild card repository support until the software is updated.

agent/author
agent/type
agent/event
agent/tags
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/weakness
agent/severity
agent/description
vendor/gitolite
canonical/gitolite
version/gitolite/3.0
version/gitolite/3.02
version/gitolite/3.03
version/gitolite/3.04
vendor/sitaram chamarty
version/gitolite/3.01

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.