* ls_cache should be disallowed by default
@ 2024-05-23 12:57 Konstantin Ryabitsev
0 siblings, 0 replies; only message in thread
From: Konstantin Ryabitsev @ 2024-05-23 12:57 UTC (permalink / raw)
To: cgit
Hello:
I was surprised to find out that anyone can call ls_cache and view the
contents of the cache directory, including the full path to each cache file.
Since an attacker can also control the cache content, either via query
string parameters, or by pushing contents into a repository served by cgit,
this can aide someone in delivering a payload that can be executed via some
other vulnerability.
Can this functionality be disabled by default and only available if
cache-allow-ls (or something similar) is set in cgitrc?
-K
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-05-23 12:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-23 12:57 ls_cache should be disallowed by default Konstantin Ryabitsev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).