Vulnerability CVE-2022-31267


Published: 2022-05-21   Modified: 2022-05-22

Description:
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.

References:
https://github.com/gitblit/gitblit/issues/1410
https://github.com/gitblit/gitblit/releases/tag/v1.9.3

Copyright 2022, cxsecurity.com
