Bug 725042 (CVE-2011-2711) - CVE-2011-2711 cgit: XSS flaw in rename hint
Summary: CVE-2011-2711 cgit: XSS flaw in rename hint
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-2711
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-07-22 16:42 UTC by Jan Lieskovsky
Modified: 2021-10-19 21:49 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-19 21:49:22 UTC
Embargoed:


Description Jan Lieskovsky 2011-07-22 16:42:18 UTC
A cross-site scripting (XSS) flaw was found in the way cgit, a fast web interface for Git, processed the file name in the rename hint. A remote attacker, a valid CGit user with push access to the repository, could use this flaw to execute arbitrary web script or HTML code via a push commit message, renaming some file to a file with a specially-crafted file name.

References:
[1] http://hjemli.net/pipermail/cgit/2011-July/000276.html
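
The pattern behind this flaw, as an added example that is not part of the original report and is not cgit's code: a file name taken from the repository is placed into HTML output, first verbatim and then escaped. The function names and the "(renamed from ...)" hint format are hypothetical, and the file name is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Write src into dst as HTML text, replacing markup-significant bytes.
 * Returns 0 on success, -1 if dst (cap bytes) is too small. */
static int html_escape(char *dst, size_t cap, const char *src)
{
    size_t len = 0;
    if (cap == 0)
        return -1;
    dst[0] = '\0';
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        }
        size_t n = strlen(rep);
        if (len + n >= cap)
            return -1;
        memcpy(dst + len, rep, n + 1);
        len += n;
    }
    return 0;
}

/* Flawed pattern: repository-controlled names reach the page verbatim. */
int rename_hint_unsafe(char *out, size_t cap, const char *from, const char *to)
{
    int n = snprintf(out, cap, "%s (renamed from %s)", to, from);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened pattern: both names are escaped before they are formatted. */
int rename_hint_safe(char *out, size_t cap, const char *from, const char *to)
{
    char efrom[1024], eto[1024];
    if (html_escape(efrom, sizeof(efrom), from) || html_escape(eto, sizeof(eto), to))
        return -1;
    int n = snprintf(out, cap, "%s (renamed from %s)", eto, efrom);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}
```

Both the old and the new name need escaping, since a user with push access controls either side of a rename.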

Comment 1 Jan Lieskovsky 2011-07-22 16:46:00 UTC
This issue affected the versions of the cgit package, as shipped with Fedora releases 14 and 15.

The relevant cgit package updates for Fedora-14 and Fedora-15 have already been scheduled (cgit-0.9.0.2-2.fc14, cgit-0.9.0.2-2.fc15) and once they have passed the required testing phase, they will be pushed to the Fedora -stable repository.

--

This issue affected the versions of the cgit package, as present within the EPEL-5 and EPEL-6 repositories.

The relevant cgit package updates for EPEL-5 and EPEL-6 have already been scheduled (cgit-0.9.0.2-2.el5, cgit-0.9.0.2-2.el6).

Comment 2 Jan Lieskovsky 2011-07-22 16:50:41 UTC
CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/07/22/2

Comment 3 Jan Lieskovsky 2011-07-24 13:43:58 UTC
The CVE identifier of CVE-2011-2711 has been assigned to this issue:
[3] http://www.openwall.com/lists/oss-security/2011/07/22/6

Comment 4 Jan Lieskovsky 2011-07-24 13:53:38 UTC
Lukas Fleischer, the original issue reporter, has suggested in:
[4] http://www.openwall.com/lists/oss-security/2011/07/22/7

that the original issue description in comment #0 of this bug was inappropriate. So I have updated it to reflect that it can be exploited only by a user with push access to the repository.

