CVE-2024-4981

HIGH EPSS 25.6%
Published May 12, 2025 · Modified Jun 17, 2026
7.1 CVSS 3.1
High

Description

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.

CVSS Details

Base Score: 7.1
Exploitability: 2.8
Impact: 4.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability
25.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-552

Affected Products 1

Vendor  Product  Version  Range
redhat  pagure   *        <5.14.1

References 4

  • access.redhat.com https://access.redhat.com/security/cve/CVE-2024-4981
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2278745
    Permissions Required
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2280723
    Exploit, Issue Tracking
  • pagure.io https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4
    Patch

Remediation

  • pagure.io https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4
    Patch