CVE-2024-4982 - Vulnerability Details - OpenCVE

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00177.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Pagure

Configuration 1 [-]

cpe:2.3:a:redhat:pagure:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2024-4982
https://bugzilla.redhat.com/show_bug.cgi?id=2279411
https://bugzilla.redhat.com/show_bug.cgi?id=2280726
https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0

History

Thu, 07 Aug 2025 00:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat pagure
CPEs		cpe:2.3:a:redhat:pagure::::::::
Vendors & Products		Redhat Redhat pagure

Mon, 12 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 12 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Description		A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
Title		Pagure: path traversal in view_issue_raw_file()
Weaknesses		CWE-22
References		https://access.redhat.com/security/cve/CVE-2024-4982 https://bugzilla.redhat.com/show_bug.cgi?id=2279411 https://bugzilla.redhat.com/show_bug.cgi?id=2280726 https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2025-05-12T19:01:45.824Z

Updated: 2025-05-12T19:16:28.730Z

Reserved: 2024-05-15T22:54:26.023Z

Link: CVE-2024-4982

Vulnrichment

Updated: 2025-05-12T19:16:21.270Z

NVD

Status : Analyzed

Published: 2025-05-12T19:15:48.293

Modified: 2025-08-07T00:09:39.427

Link: CVE-2024-4982

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4982", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-05-15T22:54:26.023Z", "datePublished": "2025-05-12T19:01:45.824Z", "dateUpdated": "2025-05-12T19:16:28.730Z"}, "containers": {"cna": {"title": "Pagure: path traversal in view_issue_raw_file()", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "5.14.1", "versionType": "semver"}], "packageName": "pagure", "collectionURL": "https://pagure.io/pagure", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-4982", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279411"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280726", "name": "RHBZ#2280726", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0"}], "datePublic": "2024-05-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "timeline": [{"lang": "en", "time": "2024-05-15T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-05-12T19:01:45.824Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-12T19:16:16.496352Z", "id": "CVE-2024-4982", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T19:16:28.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-12T19:16:16.496352Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T19:16:21.270Z"}}], "cna": {"title": "Pagure: path traversal in view_issue_raw_file()", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "5.14.1", "versionType": "semver"}], "packageName": "pagure", "collectionURL": "https://pagure.io/pagure", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-15T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-06T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-05-06T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-4982", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279411"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280726", "name": "RHBZ#2280726", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0"}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-05-12T19:01:45.824Z"}, "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}}, "cveMetadata": {"cveId": "CVE-2024-4982", "state": "PUBLISHED", "dateUpdated": "2025-05-12T19:16:28.730Z", "dateReserved": "2024-05-15T22:54:26.023Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2025-05-12T19:01:45.824Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:pagure:*:*:*:*:*:*:*:*", "matchCriteriaId": "A61F7BF7-CFE3-4462-948E-F87E8F9A0891", "versionEndExcluding": "5.14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de directory traversal en el servidor Pagure. Si un usuario malintencionado env\u00eda un repositorio Git especialmente manipulado, podr\u00eda descubrir secretos en el servidor."}], "id": "CVE-2024-4982", "lastModified": "2025-08-07T00:09:39.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-12T19:15:48.293", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-4982"}, {"source": "patrick@puiterwijk.org", "tags": ["Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279411"}, {"source": "patrick@puiterwijk.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280726"}, {"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}