{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:40:51.435","vulnerabilities":[{"cve":{"id":"CVE-2012-4506","sourceIdentifier":"secalert@redhat.com","published":"2012-10-22T23:55:07.243","lastModified":"2025-04-11T00:51:21.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching \"../\" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en gitolite v3.x antes de v3.1, cuando repositorios wild card y un patrón que coincida con \"../\" está activado, permite a usuarios remotos autenticados crear repositorios arbitrarios y posiblemente realizar otras acciones a través de un .. (punto punto) en un nombre de repositorio."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:P/I:P/A:P","baseScore":4.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitolite:gitolite:3.0:*:*:*:*:*:*:*","matchCriteriaId":"05997028-392C-4287-995D-398C5EFF9F5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitolite:gitolite:3.02:*:*:*:*:*:*:*","matchCriteriaId":"EBCDE647-25DA-4238-81FD-6AFE0B23CE45"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitolite:gitolite:3.03:*:*:*:*:*:*:*","matchCriteriaId":"AE60C0B8-60FB-4DDA-A45E-A949049AFD92"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitolite:gitolite:3.04:*:*:*:*:*:*:*","matchCriteriaId":"2B181E8E-6533-43C2-98B4-71194B318E07"},{"vulnerable":true,"criteria":"cpe:2.3:a:sitaram_chamarty:gitolite:3.01:*:*:*:*:*:*:*","matchCriteriaId":"92A8D9B7-7EAE-486D-B41F-C092B4FA2552"}]}]}],"references":[{"url":"http://secunia.com/advisories/50896","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/10/10/1","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2012/10/10/2","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/55853","source":"secalert@redhat.com"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79130","source":"secalert@redhat.com"},{"url":"https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2","source":"secalert@redhat.com"},{"url":"https://groups.google.com/forum/#%21topic/gitolite/K9SnQNhCQ-0/discussion","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/50896","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/10/10/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2012/10/10/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/55853","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79130","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/#%21topic/gitolite/K9SnQNhCQ-0/discussion","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}