A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 07 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat pagure
CPEs cpe:2.3:a:redhat:pagure:*:*:*:*:*:*:*:*
Vendors & Products Redhat
Redhat pagure

Mon, 12 May 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 May 2025 19:15:00 +0000

Type Values Removed Values Added
Description A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
Title Pagure: path traversal in view_issue_raw_file()
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2025-05-12T19:16:28.730Z

Reserved: 2024-05-15T22:54:26.023Z

Link: CVE-2024-4982

cve-icon Vulnrichment

Updated: 2025-05-12T19:16:21.270Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-12T19:15:48.293

Modified: 2025-08-07T00:09:39.427

Link: CVE-2024-4982

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.