CVE-2020-9708
MEDIUMAdobe Git Server < 1.3.1 - Path Traversal via resolveRepositoryPath
Title source: llmDescription
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93
Scores
CVSS v3
5.9
EPSS
0.0294
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
CWE-24
Status
published
Products (1)
adobe/git-server
< 1.3.1
Published
Aug 14, 2020
Tracked Since
Feb 18, 2026