oss-sec mailing list archives
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint
From: Lukas Fleischer <cgit () cryptocrack de>
Date: Sun, 24 Jul 2011 16:50:33 +0200
On Sun, Jul 24, 2011 at 03:56:12PM +0200, Jan Lieskovsky wrote:
> Hi Lukas,
>
> thank you for this correction.
>
> On 07/22/2011 10:35 PM, Lukas Fleischer wrote:
>> On Fri, Jul 22, 2011 at 06:48:38PM +0200, Jan Lieskovsky wrote:
>>> Hello Josh, Steve, vendors,
>>>
>>> a cross-site scripting (XSS) flaw was found in the way cgit, a fast web
>>> interface for Git, displayed the file name in the rename hint. A remote
>>> attacker could provide a specially-crafted web page, which once visited
>>> by an authenticated Cgit user, with push access to the repository, would
>>> lead to arbitrary web script or HTML code execution.
>>
>> I think you are a tad off, here. The vulnerability I discovered actually
>> is only exploitable *by* a user with push access as it requires to push a
>> commit that renames any file to a file with a malicious file name.
>
> Have updated issue description in:
> https://bugzilla.redhat.com/show_bug.cgi?id=725042#c0
>
> Hoping of it to sound better now.

Better now. This is how I'd phrase it:

----
A cross-site scripting (XSS) vulnerability was found in cgit, a fast web
interface for Git, allowing a remote attacker with push access to a
repository to inject arbitrary HTML code. The new file name in rename hints
is not escaped and can be exploited by renaming some file to a file with
specially-crafted file name, thus leading to a permanent XSS.
----

By the way, this is already fixed in current stable [1] (just because nobody
mentioned it yet).

[1] http://hjemli.net/git/cgit/commit/?id=bebe89d7
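
The flaw described in this message, shown as an added example that is not part of the original post and is not cgit's code: a rename-hint renderer that writes the new file name raw, next to the same renderer with the name HTML-escaped. The function names, the markup and the sample file name are assumptions constructed for illustration.

```c
#include <string.h>

/* Append src to dst (capacity cap, current length *len); -1 if it does not fit. */
static int append(char *dst, size_t cap, size_t *len, const char *src)
{
	size_t n = strlen(src);
	if (*len + n >= cap)
		return -1;
	memcpy(dst + *len, src, n + 1);
	*len += n;
	return 0;
}

/* Append src with the HTML metacharacters replaced by entities. */
static int append_escaped(char *dst, size_t cap, size_t *len, const char *src)
{
	for (; *src; src++) {
		char one[2] = { *src, '\0' };
		const char *rep = one;
		switch (*src) {
		case '&':  rep = "&amp;";  break;
		case '<':  rep = "&lt;";   break;
		case '>':  rep = "&gt;";   break;
		case '"':  rep = "&quot;"; break;
		case '\'': rep = "&#x27;"; break;
		}
		if (append(dst, cap, len, rep) < 0)
			return -1;
	}
	return 0;
}

/* Hypothetical rename-hint renderer; the markup is constructed, not cgit's.
 * escape_new == 0 reproduces the flaw: new_path reaches the page unescaped. */
int render_rename_hint(char *out, size_t cap, const char *old_path,
		       const char *new_path, int escape_new)
{
	size_t len = 0;
	if (cap == 0)
		return -1;
	out[0] = '\0';
	if (append(out, cap, &len, "<span class='hint'>") < 0 ||
	    append_escaped(out, cap, &len, old_path) < 0 ||
	    append(out, cap, &len, " renamed to ") < 0 ||
	    (escape_new ? append_escaped(out, cap, &len, new_path)
			: append(out, cap, &len, new_path)) < 0 ||
	    append(out, cap, &len, "</span>") < 0)
		return -1;
	return (int)len;
}
```

File names come from pushed commits, so they are attacker-controlled input for anyone with push access and need the same escaping as any other field written into the page.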