Git Protocol Path Vulnerability in Gitea by Gitea Team
CVE-2020-28991

9.8CRITICAL

Key Information:

Vendor

Gitea

Status
Gitea
Vendor
CVE Published:
24 November 2020

What is CVE-2020-28991?

A vulnerability exists in Gitea software versions 0.9.99 through 1.12.x prior to 1.12.6. This issue arises from the software's failure to adequately handle maliciously crafted git protocol paths that include TCP port numbers and newline characters, potentially allowing an attacker to manipulate the behavior of the application.

References

https://github.com/go-gitea/gitea/pull/13525
x_refsource_MISC
https://github.com/go-gitea/gitea/releases/tag/v1.12.6
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2020-28991 : Git Protocol Path Vulnerability in Gitea by Gitea Team