CVE-2024-4981 HIGH

CVE-2024-4981: Pagure: _update_file_in_git() follows symbolic links in temporary clones

Weakness CWE-552 · Files accessible externally
Published May 12, 2025
Last update May 12, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.

Key dates

02Disclosure timeline

May 12, 2025 CVE published
May 12, 2025 Record updated