CVE-2020-9708

MEDIUM

Adobe Git-server < 1.3.1 - Path Traversal

Title source: rule

Description

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

References (1)

[Third Party Advisory] https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93

Scores

CVSS v3 5.9

EPSS 0.0382

EPSS Percentile 88.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22 CWE-24

Status published

Products (1)

adobe/git-server < 1.3.1

Published Aug 14, 2020

Tracked Since Feb 18, 2026