Project

General

Profile

Bug #9883

gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)

Added by Alicha CH 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
01/21/2019
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:
CVE-2018-20683

Description

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows
attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG

Patch:

https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae


Subtasks

Bug #9884: [3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)Closed

Bug #9885: [3.8] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)Closed

Bug #9886: [3.7] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)Closed

Bug #9887: [3.6] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)Closed

History

#1 Updated by Alicha CH 4 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed

Also available in: Atom PDF