Maven package
com.gitblit/gitblit
pkg:maven/com.gitblit/gitblit
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31267 | — | | | < 1.9.3 | 1.9.3 | May 21, 2022 | Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. |
| CVE-2022-31268 | — | | | <= 1.9.3 | — | May 21, 2022 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). |