Arbitrary Repository Creation Vulnerability in Gitolite 3.x

Arbitrary Repository Creation Vulnerability in Gitolite 3.x

CVE-2012-4506 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.

Learn more about our User Device Pen Test.