cbcvebase.
CVE-2022-31268
published 2022-05-21

CVE-2022-31268: A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

Priority: P259 · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: EXPLOIT
EPSS: 9.60% (94.9th percentile)

Affected (1 range)

Vendor    Product   Version range   Fixed in
gitblit   gitblit   -               -

Detection & IOCs (extracted from sources)

path: /resources//../WEB-INF/web.xml
path: /resources//../
  • HTTP GET request to the path traversal URL /resources//../WEB-INF/web.xml should return HTTP 200 with Content-Type: application/xml and body containing '<web-app', 'java.sun.com', and 'gitblit.properties' — all three strings must be present simultaneously.
  • Shodan queries 'http.html:"Gitblit"', 'http.title:"gitblit"', and 'http.html:"gitblit"' can be used to identify exposed Gitblit instances for proactive scanning.
  • FOFA queries 'title="gitblit"' and 'body="gitblit"', and Google dork 'intitle:"gitblit"' can surface additional exposed instances.
  • The traversal pattern uses double-slash after the /resources/ endpoint (i.e., /resources//../) to escape the intended directory; monitor web server access logs for this pattern targeting WEB-INF or META-INF paths.
  • The vulnerability is specific to Gitblit version 1.9.3 only; other versions are not confirmed affected by this CVE.
  • This is an unauthenticated, network-accessible vulnerability (no privileges or user interaction required), making it trivially exploitable from the internet.
  • The EPSS score of 0.90039 (99.58th percentile) indicates this vulnerability has a very high probability of exploitation in the wild; prioritize detection and patching accordingly.
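The access-log monitoring suggested above, as an added example (not code from the CVE record or from the Gitblit project): it assumes Combined Log Format lines (constructed samples embedded below, not real traffic), flags requests that hit the /resources/ endpoint with the extra slash and a `..` segment aimed at WEB-INF or META-INF, and percent-decodes the path first, a precaution beyond what the page describes so that encoded spellings of the same pattern are not missed. A 200 response on a flagged line means the file was actually served.

```python
import re
from urllib.parse import unquote

# Constructed sample access log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/May/2022:10:01:02 +0000] "GET /resources//../WEB-INF/web.xml HTTP/1.1" 200 2310 "-" "curl/7.68.0"
198.51.100.7 - - [21/May/2022:10:01:09 +0000] "GET /resources/gitblit.css HTTP/1.1" 200 811 "-" "Mozilla/5.0"
203.0.113.5 - - [21/May/2022:10:02:15 +0000] "GET /resources//..%2FMETA-INF/MANIFEST.MF HTTP/1.1" 404 0 "-" "curl/7.68.0"
192.0.2.9 - - [21/May/2022:10:03:00 +0000] "GET /summary/?r=test.git HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_resources_traversal(raw_path):
    """True if the request path matches the CVE-2022-31268 pattern: the
    /resources/ endpoint followed by an extra slash and a '..' segment that
    targets WEB-INF or META-INF. The query string is dropped and the path is
    percent-decoded first so encoded variants of the same pattern still match."""
    path = unquote(raw_path.split("?", 1)[0])
    if not path.startswith("/resources//"):
        return False
    if ".." not in path.split("/"):
        return False
    upper = path.upper()
    return "WEB-INF" in upper or "META-INF" in upper

def scan_access_log(text):
    """Return one finding per matching request as (ip, decoded path, status)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_resources_traversal(m.group("path")):
            findings.append((m.group("ip"), unquote(m.group("path")), int(m.group("status"))))
    return findings

if __name__ == "__main__":
    for ip, path, status in scan_access_log(SAMPLE_LOG):
        verdict = "SUCCESSFUL READ" if status == 200 else "attempt"
        print(f"{verdict}: {ip} -> {path} ({status})")
```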

CVSS provenance

NVD · CVSS v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD · CVSS v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N