rpm package
opensuse/gitolite&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gitolite&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20683 | — | < 3.6.12-1.6 | 3.6.12-1.6 | Jan 10, 2019 | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | ||
| CVE-2018-16976 | Hig | 8.1 | < 3.6.12-1.6 | 3.6.12-1.6 | Sep 12, 2018 | Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended acc |
- CVE-2018-20683Jan 10, 2019affected < 3.6.12-1.6fixed 3.6.12-1.6
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
- affected < 3.6.12-1.6fixed 3.6.12-1.6
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended acc