CVE-2024-4981 | THREATINT

Description

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.

PUBLISHED Reserved 2024-05-15 | Published 2025-05-12 | Updated 2025-05-12 | Assigner fedora

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Problem types

Files or Directories Accessible to External Parties

Product status

Default status

unaffected

Any version before 5.14.1

affected

Timeline

2024-05-15:	Reported to Red Hat.
2024-05-03:	Made public.

References

access.redhat.com/security/cve/CVE-2024-4981 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2278745

bugzilla.redhat.com/show_bug.cgi?id=2280723 (RHBZ#2280723) issue-tracking

pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4

cve.org (CVE-2024-4981)

nvd.nist.gov (CVE-2024-4981)

Download JSON