Bug 663609 (CVE-2010-3906) - CVE-2010-3906 Git (gitweb): XSS due to missing escaping of HTML element attributes
Status: CLOSED ERRATA
Alias: CVE-2010-3906
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 663612 663639 663640
Reported: 2010-12-16 11:33 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:41 UTC

Doc Type: Bug Fix
Last Closed: 2013-01-10 12:03:15 UTC

Links
System: Red Hat Product Errata
ID: RHSA-2010:1003
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: git security update
Last Updated: 2010-12-21 17:52:13 UTC

Description Jan Lieskovsky 2010-12-16 11:33:41 UTC
A cross-site scripting (XSS) flaw was found in the web
interface of the Git distributed revision control system.
A remote attacker could use this flaw to execute arbitrary
HTML or scripting code by providing a certain URL
with specially-crafted values of the f and fp variables.

References:
[1] http://www.bugsearch.net/en/11075/gitweb-1733-cross-site-scripting-cve-2010-3906.html?ref=3
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607248

Upstream changeset:
[3] http://repo.or.cz/w/git.git/commit/3017ed62f47ce14a959e2d315c434d4980cf4243

Public PoC (from [1]):
http://localhost/?p=foo/bar/ph33r.git;a=blobdiff;f=[XSS];fp=[XSS]
[XSS] => "><body onload="alert('xss')"> <a

Credit:
Emanuele 'emgent' Gentili
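
Added example (not gitweb's code and not part of this bug report): a Python sketch of the flaw class named in the summary, showing raw interpolation of the f and fp values into HTML attributes beside the escaped form, with a parser-based check run against the PoC value quoted above. The link template, the demo.git name and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Value the report's public PoC supplies for the f and fp parameters.
POC_VALUE = '"><body onload="alert(\'xss\')"> <a'

def render_unescaped(f, fp):
    """Hypothetical 'before' template: parameters interpolated raw into attributes."""
    return f'<a class="path" title="{fp}" href="?p=demo.git;a=blobdiff;f={f}">file</a>'

def render_escaped(f, fp):
    """Hardened form: percent-encode the URL component, then HTML-escape each attribute."""
    href = "?p=demo.git;a=blobdiff;f=" + quote(f, safe="/")
    return (f'<a class="path" title="{escape(fp, quote=True)}" '
            f'href="{escape(href, quote=True)}">file</a>')

class TagAudit(HTMLParser):
    """Records every start tag and every on* event-handler attribute it sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

def audit(markup):
    """Parse the rendered markup and return (start tags, event-handler attributes)."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers

def breaks_out(markup):
    """True if the markup holds anything beyond the single intended <a> element."""
    tags, handlers = audit(markup)
    return tags != ["a"] or bool(handlers)

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(POC_VALUE, POC_VALUE)))
```

The same breaks_out check can serve as a regression test for any template that places request parameters inside attribute values.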

Comment 1 Jan Lieskovsky 2010-12-16 11:40:34 UTC
This issue affects the version of the git package, as shipped
with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the git package, as shipped
with Fedora releases 13 and 14.

This issue affects the versions of the git package, as present
within the EPEL-4 and EPEL-5 repositories.

Please schedule an update.

Comment 2 Jan Lieskovsky 2010-12-16 11:42:11 UTC
Created git tracking bugs for this issue

Affects: fedora-all [bug 663612]

Comment 4 Tomas Hoger 2010-12-16 20:36:46 UTC
Announcement of versions that fix this issue:
  http://www.spinics.net/lists/git/msg148037.html

Fixed in: 1.7.3.4, 1.7.2.5, 1.7.1.4, 1.7.0.9, 1.6.6.3, 1.6.5.9, 1.6.4.5

Comment 5 errata-xmlrpc 2010-12-21 17:52:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:1003 https://rhn.redhat.com/errata/RHSA-2010-1003.html

