Summary
cgit is prone to a directory-traversal vulnerability.
An attacker can exploit this issue using directory-traversal strings to retrieve arbitrary files outside of the server root directory. This may aid in further attacks.
Solution
Updates are available. Please see the references or vendor advisory for more information.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2013-2117
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities