1. CVE-Search
  2. CVE-2012-4548
ID CVE-2012-4548
Summary Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Per http://cwe.mitre.org/data/definitions/88.html'CWE-88: Argument Injection or Modification'
References
Vulnerable Configurations
  • cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.8.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.8.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:lars_hjemli:cgit:0.9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:lars_hjemli:cgit:0.9.0.2:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid 56315
confirm http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
misc https://bugzilla.redhat.com/show_bug.cgi?id=870713
mlist
  • [oss-security] 20121027 CVE Request: cgit command injection
  • [oss-security] 20121028 Re: CVE Request: cgit command injection
secunia
  • 50734
  • 51167
  • 51222
suse
  • openSUSE-SU-2012:1421
  • openSUSE-SU-2012:1422
  • openSUSE-SU-2012:1460
  • openSUSE-SU-2012:1461
xf cgit-syntaxhighlighting-command-exec(79665)
Last major update 29-08-2017 - 01:32
Published 11-11-2012 - 13:00
Last modified 29-08-2017 - 01:32
Back to Top