What is CVE-2018-14912?

CVE-2018-14912 is a vulnerability in N/a. Published 2018-08-03.

Is CVE-2018-14912 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-14912

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

EPSS: 0.911 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update (mailing-list, x_refsource_MLIST)
45195 (exploit, x_refsource_EXPLOIT-DB)
DSA-4263 (vendor-advisory, x_refsource_DEBIAN)
bugs.chromium.org/p/project-zero/issues/detail (x_refsource_MISC)
lists.zx2c4.com/pipermail/cgit/2018-August/004176.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-14912?: CVE-2018-14912 is a vulnerability in N/a. Published 2018-08-03.
Is CVE-2018-14912 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.