A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 07 Aug 2025 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat pagure
CPEs cpe:2.3:a:redhat:pagure:*:*:*:*:*:*:*:*
Vendors & Products Redhat
Redhat pagure

Mon, 12 May 2025 19:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 May 2025 19:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
Title Pagure: _update_file_in_git() follows symbolic links in temporary clones
Weaknesses CWE-552
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2025-05-12T19:05:43.641Z

Reserved: 2024-05-15T22:44:08.761Z

Link: CVE-2024-4981

cve-icon Vulnrichment

Updated: 2025-05-12T19:05:37.289Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-12T19:15:47.747

Modified: 2025-08-07T00:19:37.390

Link: CVE-2024-4981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.