Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gitolite | gitolite | 3.0 |
| gitolite | gitolite | 3.03 |
| gitolite | gitolite | 3.04 |
| sitaram_chamarty | gitolite | 3.01 |
| gitolite | gitolite | 3.02 |