Symbolic Link Exposure in Pagure Server by Red Hat
CVE-2024-4981

7.1HIGH

Key Information:

Vendor

Red Hat
Status
Vendor
CVE Published:
12 May 2025

What is CVE-2024-4981?

A vulnerability present in the Pagure server allows malicious users to exploit symbolic links within submitted git repositories. This could inadvertently expose and make visible content from outside the intended git repository. Such exposure poses a risk by potentially revealing sensitive or unauthorized data to users accessing the server.

References

https://access.redhat.com/security/cve/CVE-2024-4981
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2278745
https://bugzilla.redhat.com/show_bug.cgi?id=2280723
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.