CVE-2024-4981

CWE-552Files Accessible to External Parties7 documents6 sources
Severity
7.1HIGH
EPSS
0.3%
top 49.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Pagure
Timeline
PublishedMay 12
Latest updateJan 29

Description

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages3 packages

NVDredhat/pagure< 5.14.1
Debianpagure< 5.11.3+dfsg-1+deb11u1+1
Ubuntupagure< 5.11.3+dfsg-1ubuntu0.1+2

Patches

Patch: pagure.io

🔴Vulnerability Details

4
OSV
pagure vulnerabilities2026-01-29
GHSA
GHSA-vw7p-rwg9-7mrq: A vulnerability was discovered in Pagure server2025-05-12
CVEList
Pagure: _update_file_in_git() follows symbolic links in temporary clones2025-05-12
OSV
CVE-2024-4981: A vulnerability was discovered in Pagure server2025-05-12

📋Vendor Advisories

2
Ubuntu
Pagure vulnerabilities2026-01-29
Debian
CVE-2024-4981: pagure - A vulnerability was discovered in Pagure server. If a malicious user were to sub...2024