Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.6.9"
}
],
"cpe": "cpe:2.3:a:gitolite:gitolite:*:*:*:*:*:*:*:*"
}