oss-sec mailing list archives

Re: Re: CVE Request -- cGit -- XSS flaw in rename hint

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sun, 24 Jul 2011 15:56:12 +0200


Hi Lukas,

  thank you for this correction.

On 07/22/2011 10:35 PM, Lukas Fleischer wrote:

On Fri, Jul 22, 2011 at 06:48:38PM +0200, Jan Lieskovsky wrote:

Hello Josh, Steve, vendors,

   an cross-site scripting (XSS) flaw was found in the way cgit, a fast
web interface for Git, displayed the file name in the rename hint. A
remote attacker could provide a specially-crafted web page, which once
visited by an authenticated Cgit user, with push access to the
repository, would lead to arbitrary web script or HTML code execution.


I think you are a tad off, here. The vulnerability I discovered actually
is only exploitable *by* a user with push access as it requires to push
a commit that renames any file to a file with a malicious file name.


Have updated issue description in:
https://bugzilla.redhat.com/show_bug.cgi?id=725042#c0

Hoping of it to sound better now.

Thanks again && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


The description (and the categorization of the vulnerability, which
definitely is a low severity one if it counts as a vulnerability at all)
should be corrected to reflect that.


References:
[1] http://hjemli.net/pipermail/cgit/2011-July/000276.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=725042

Could you allocate a CVE id for this?

Thank you&&  Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 22)
  - Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)
    - Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 24)