Vulnerability Name:
CVE-2011-2711 (CCN-68754)
Assigned:
2011-07-22
Published:
2011-07-22
Updated:
2017-08-29
Summary:
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
3.5 Low
(CVSS v2 Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
)
3.0 Low
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.7 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-79
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-2711
Source: CCN
Type: cgit GIT Repository
Git repository browser
Source: CONFIRM
Type: Patch
http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5
Source: CCN
Type: cgit Mailing List, Fri Jul 22 11:47:19 UTC 2011
Fix potential XSS vulnerability in rename hint
Source: CCN
Type: Lukas Fleischer cgit at cryptocrack.de
[PATCH] Fix potential XSS vulnerability in rename hint
Source: MLIST
Type: Patch
[cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint
Source: CCN
Type: SA45358
cgit Rename Hint Script Insertion Vulnerability
Source: SECUNIA
Type: Vendor Advisory
45358
Source: SECUNIA
Type: UNKNOWN
45541
Source: MLIST
Type: Patch
[oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint
Source: MLIST
Type: UNKNOWN
[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint
Source: MLIST
Type: Patch
[oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint
Source: MLIST
Type: Patch
[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint
Source: MLIST
Type: Patch
[oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint
Source: OSVDB
Type: Patch
74050
Source: CCN
Type: OSVDB ID: 74050
cgit ui-diff.c print_fileinfo Function Rename Hint XSS
Source: BID
Type: UNKNOWN
48866
Source: CCN
Type: BID-48866
cgit HTML Injection Vulnerability
Source: CONFIRM
Type: Patch
https://bugzilla.redhat.com/show_bug.cgi?id=725042
Source: XF
Type: UNKNOWN
cgit-renamehint-xss(68754)
Source: XF
Type: UNKNOWN
cgit-renamehint-xss(68754)
Source: SUSE
Type: UNKNOWN
openSUSE-SU-2011:0891
Vulnerable Configuration:
Configuration 1
:
cpe:/a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3.4:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.8.3.5:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.9:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:0.9.0.1:*:*:*:*:*:*:*
OR
cpe:/a:lars_hjemli:cgit:*:*:*:*:*:*:*:*
(Version <= 0.9.0.2)
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.opensuse.security:def:20112711
V
CVE-2011-2711
2022-06-30
oval:org.opensuse.security:def:112058
P
cgit-1.0-1.3 on GA media (Moderate)
2022-01-17
oval:org.opensuse.security:def:105608
P
cgit-1.0-1.3 on GA media (Moderate)
2021-10-01
BACK
lars_hjemli
cgit 0.1
lars_hjemli
cgit 0.2
lars_hjemli
cgit 0.3
lars_hjemli
cgit 0.4
lars_hjemli
cgit 0.5
lars_hjemli
cgit 0.6
lars_hjemli
cgit 0.6.1
lars_hjemli
cgit 0.6.2
lars_hjemli
cgit 0.6.3
lars_hjemli
cgit 0.7
lars_hjemli
cgit 0.7.1
lars_hjemli
cgit 0.7.2
lars_hjemli
cgit 0.8
lars_hjemli
cgit 0.8.1
lars_hjemli
cgit 0.8.1.1
lars_hjemli
cgit 0.8.2
lars_hjemli
cgit 0.8.2.1
lars_hjemli
cgit 0.8.2.2
lars_hjemli
cgit 0.8.3
lars_hjemli
cgit 0.8.3.1
lars_hjemli
cgit 0.8.3.2
lars_hjemli
cgit 0.8.3.3
lars_hjemli
cgit 0.8.3.4
lars_hjemli
cgit 0.8.3.5
lars_hjemli
cgit 0.9
lars_hjemli
cgit 0.9.0.1
lars_hjemli
cgit *
Denotes that component is vulnerable