Critical severityNVD Advisory· Published May 21, 2022· Updated Aug 3, 2024
CVE-2022-31267
CVE-2022-31267
Description
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.gitblit:gitblitMaven | < 1.9.3 | 1.9.3 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fh55-vwjc-69c7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31267ghsaADVISORY
- github.com/gitblit/gitblit/commit/9b4afad6f4be212474809533ec2c280cce86501aghsaWEB
- github.com/gitblit/gitblit/issues/1410ghsax_refsource_MISCWEB
- github.com/gitblit/gitblit/releases/tag/v1.9.3ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.