Gitolite
Monthly
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.