CVE-2018-14912

NameCVE-2018-14912
Descriptioncgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1459-1, DSA-4263-1
NVD severitymedium (attack range: remote)
Debian Bugs905382

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cgit (PTS)jessie0.10.2.git2.0.1-3+deb8u1vulnerable
jessie (security)0.10.2.git2.0.1-3+deb8u2fixed
stretch1.1+git2.10.2-3vulnerable
stretch (security)1.1+git2.10.2-3+deb9u1fixed
buster, sid1.1+git2.10.2-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cgitsource(unstable)1.1+git2.10.2-3.1medium905382
cgitsourcejessie0.10.2.git2.0.1-3+deb8u2mediumDLA-1459-1
cgitsourcestretch1.1+git2.10.2-3+deb9u1mediumDSA-4263-1

Notes

https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680

Search for package or bug name: Reporting problems