CVE-2020-9708

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:git-server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-08-14 17:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-9708

Mitre link : CVE-2020-9708

CVE.ORG link : CVE-2020-9708

JSON object : View

Products Affected

adobe

git-server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'

{"id": "CVE-2020-9708", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-08-14T17:15:14.530", "references": [{"url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-24"}]}], "descriptions": [{"lang": "en", "value": "The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."}, {"lang": "es", "value": "Una funci\u00f3n resolveRepositoryPath no comprueba apropiadamente una entrada del usuario y un usuario malicioso puede saltar a cualquier repositorio de Git comprobado fuera del repoRoot. Este problema puede conllevar a un acceso no autorizado a unos repositorios de Git privados siempre que el usuario malicioso tenga conocimiento o aplique fuerza bruta a la ubicaci\u00f3n del repositorio."}], "lastModified": "2020-08-21T14:55:04.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:git-server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42D8FA60-B00F-40B1-9EBB-1960F9B99E92", "versionEndExcluding": "1.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}