CVE-2013-7203

MEDIUM

Gitolite <fa06a34 - Info Disclosure

Title source: llm
STIX 2.1

Description

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125611.html
Third Party Advisory mailing-list x_refsource_mlist
https://marc.info/?l=oss-security&m=138783069700756&w=2

Scores

CVSS v3 5.5
EPSS 0.0042
EPSS Percentile 33.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
gitolite/gitolite < 3.5.3
Published Sep 21, 2018
Tracked Since Feb 18, 2026