CVE-2018-16976

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-16976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16976
Related
Published
2018-09-12T22:29:00Z
Modified
2024-09-18T02:12:09.214630Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.

References

Affected packages

Debian:11 / gitolite3

Package

Name
gitolite3
Purl
pkg:deb/debian/gitolite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.9-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / gitolite3

Package

Name
gitolite3
Purl
pkg:deb/debian/gitolite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.9-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / gitolite3

Package

Name
gitolite3
Purl
pkg:deb/debian/gitolite3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.9-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/sitaramc/gitolite

Affected ranges

Type
GIT
Repo
https://github.com/sitaramc/gitolite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dc13dfca8fdae5634bb0865f7e9822d2a268ed59

Affected versions

v0.*

v0.01
v0.02

v3.*

v3.0
v3.01
v3.02
v3.03
v3.04
v3.1
v3.2
v3.3
v3.4
v3.5
v3.5.1
v3.5.2
v3.5.3
v3.5.3.1
v3.6
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8