CVE-2020-9708

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-24
View all →

Vulnerability Description

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

Related Vulnerabilities

CVE-2014-125033

HIGH
CVSS:7.5(High)

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipula...

CWE-242014

CVE-2018-25094

HIGH
CVSS:7.5(High)

A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/de...

CWE-242018

CVE-2019-25087

HIGH
CVSS:7.5(High)

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler....

CWE-242019

CVE-2021-29466

HIGH
CVSS:7.5(High)

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information...

CWE-242021

CVE-2023-3239

HIGH
CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument im...

CWE-242023

CVE-2024-0341

HIGH
CVSS:7.5(High)

A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Reques...

CWE-242024