mailing list archives
Re: CVE Request -- cGit -- XSS flaw in rename hint
From: Lukas Fleischer <cgit () cryptocrack de>
Date: Fri, 22 Jul 2011 22:35:44 +0200
On Fri, Jul 22, 2011 at 06:48:38PM +0200, Jan Lieskovsky wrote:
Hello Josh, Steve, vendors,
an cross-site scripting (XSS) flaw was found in the way cgit, a fast
web interface for Git, displayed the file name in the rename hint. A
remote attacker could provide a specially-crafted web page, which once
visited by an authenticated Cgit user, with push access to the
repository, would lead to arbitrary web script or HTML code execution.
I think you are a tad off, here. The vulnerability I discovered actually
is only exploitable *by* a user with push access as it requires to push
a commit that renames any file to a file with a malicious file name.
The description (and the categorization of the vulnerability, which
definitely is a low severity one if it counts as a vulnerability at all)
should be corrected to reflect that.
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team