CVE-2013-7203

Description

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

How to fix CVE-2013-7203

To remediate CVE-2013-7203, upgrade the affected package to a fixed version below.

Debian/gitolite3—upgrade to 3.5.3.1-1 or later

Is CVE-2013-7203 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.5.3.1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-7203