Security for everyone

CVE-2018-14912 Scanner

Detects the directory traversal vulnerability in CGit, which affects versions before 1.2.1.


Short Info

Level: High

Single Scan

Can be used by: Asset Owner

Estimated Time: 10 sec

Scan only one: Url

CGit is an open-source web front-end for git repositories that allows users to view repo files and commit history through a browser. It also enables users to search and view different branches of a project, as well as manage authorized users and access control. CGit is a lightweight, fast, and highly customizable web interface for git repositories. It is widely used by software development teams to manage multiple projects and track code changes across different branches.

CVE-2018-14912 is a critical vulnerability in CGit before version 1.2.1. It arises when `enable-http-clone=1` is set. A crafted HTTP request exploits a directory traversal flaw to retrieve files from outside the intended directory tree: an attacker can use the `path=../` parameter to navigate to the root directory of the system hosting the CGit web application and view files outside the intended scope.
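For asset owners reviewing web server logs for this pattern, the following added example (not part of the scanner or of CGit) flags requests whose `path` query parameter contains a `..` segment, including percent-encoded and double-encoded forms. The log lines, the `/cgit/example.git/` URL prefix and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, hypothetical repository URL).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cgit/example.git/?h=master HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /cgit/example.git/?path=../ HTTP/1.1" 200 128',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /cgit/example.git/?path=%252e%252e%252f HTTP/1.1" 200 128',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /cgit/example.git/?path=docs/v1..2/notes.txt HTTP/1.1" 200 64',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any segment of the decoded value is exactly '..' (not 'v1..2')."""
    return '..' in re.split(r'[/\\]', fully_decode(value))

def suspicious_requests(log_lines):
    """Return request targets whose `path` query parameter climbs out of its directory."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not an HTTP request line we can parse
        target = match.group(1)
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if any(name == 'path' and has_traversal(value) for name, value in params):
            hits.append(target)
    return hits

if __name__ == '__main__':
    for target in suspicious_requests(SAMPLE_LOG):
        print('possible traversal attempt:', target)
```

A hit shows that a traversal was attempted, not that it succeeded; whether the host was exposed depends on the CGit version and the `enable-http-clone` setting described above.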

When this vulnerability is exploited, it can lead to unauthorized disclosure of sensitive information, such as access credentials, client details, and proprietary source code. Attackers can use this information to gain unauthorized access to other systems, which in turn can lead to more severe cyber-attacks. This vulnerability can also cause denial of service on the application server, resulting in significant loss of revenue and reputation for affected businesses.

With the pro features of the securityforeveryone.com platform, users can easily and quickly stay informed about vulnerabilities in their digital assets. The platform provides real-time alerts, comprehensive vulnerability scanning, and expert guidance to help businesses identify and remediate any vulnerabilities promptly. Users can also leverage the platform to assess the security posture of their web applications and network infrastructure continually. The securityforeveryone.com platform is an essential tool for businesses looking to secure their digital assets and protect themselves from cyber-attacks.

 
