{"id":"CVE-2018-16976","details":"Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.","modified":"2026-03-15T22:19:28.893136Z","published":"2018-09-12T22:29:00.517Z","related":["MGASA-2018-0434","openSUSE-SU-2024:10789-1"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/gitolite-announce/WrwDTYdbfRg"},{"type":"FIX","url":"https://bugs.debian.org/908699"},{"type":"FIX","url":"https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sitaramc/gitolite","events":[{"introduced":"0"},{"fixed":"144d8a202edaa30b19b0946051630da8ca561c6b"},{"fixed":"dc13dfca8fdae5634bb0865f7e9822d2a268ed59"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.6.9"}]}}],"versions":["v0.01","v0.02","v3.0","v3.01","v3.02","v3.03","v3.04","v3.1","v3.2","v3.3","v3.4","v3.5","v3.5.1","v3.5.2","v3.5.3","v3.5.3.1","v3.6","v3.6.1","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.6.7","v3.6.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16976.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}