CVE-2024-4982 | THREATINT

Description

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.

PUBLISHED Reserved 2024-05-15 | Published 2025-05-12 | Updated 2025-05-12 | Assigner fedora

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

Any version before 5.14.1

affected

Timeline

2024-05-15:	Reported to Red Hat.
2024-05-06:	Made public.

References

access.redhat.com/security/cve/CVE-2024-4982 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2279411

bugzilla.redhat.com/show_bug.cgi?id=2280726 (RHBZ#2280726) issue-tracking

pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0

cve.org (CVE-2024-4982)

nvd.nist.gov (CVE-2024-4982)

Download JSON