CVE-2024-4981
HIGHPagure < 5.14.1 - Unauthenticated Information Disclosure via Symbolic Link Traversal
Title source: llmDescription
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
References (4)
Core 4
Core References
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2278745
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-4981
Exploit, Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2280723
Scores
CVSS v3
7.6
EPSS
0.0034
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-552
Status
published
Products (1)
redhat/pagure
< 5.14.1
Published
May 12, 2025
Tracked Since
Feb 18, 2026