Bug 2280726 (CVE-2024-4982)
Summary: | CVE-2024-4982 pagure: Path traversal in view_issue_raw_file() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dominik, ngompa13, pingou, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2024-06-07 18:00:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2280727, 2280728 | ||
Bug Blocks: |
Description
Nick Tait
2024-05-15 23:01:12 UTC
Created pagure tracking bugs for this issue:

Affects: epel-all [bug 2280727]
Affects: fedora-all [bug 2280728]

@ntait why was this ticket made public when it contains information about a CVE not fixed? (and how to reproduce/exploit it!)

@ntait the vulnerability is fixed in pagure, new fedora packages are released as well. All related bugs are resolved, do you want to close this one too?

Yep, thanks for the follow up.