On Sat, Aug 04, 2018 at 09:10:09AM +0200, Landry Breuil wrote:
> On Fri, Aug 03, 2018 at 10:45:46PM +0200, Klemens Nanni wrote:
> > 1.2.1 fixes a directory traversal bug:
> >
> > https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
>
> I've tried exploiting the bug locally and didn't manage to read files
> from /var/www, but whatever. cgit still works with the update, so ok.

Whoops, spoke too fast, it is indeed pretty bad:

$ curl https://fqdn/repo/objects/?path=../../../../etc/resolv.conf
<contents of resolv.conf in the chroot>

And it is fixed by the update, which returns a 400 error code now.
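
A log check for the request shape shown in the message above, added here as an example; it is not part of the original e-mail or of cgit. It assumes a combined-format web server access log, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; addresses and repository names are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [04/Aug/2018:09:01:00 +0200] "GET /repo/objects/?path=../../../../etc/resolv.conf HTTP/1.1" 200 68
192.0.2.10 - - [04/Aug/2018:09:02:00 +0200] "GET /repo/objects/?path=%2e%2e%2f%2e%2e%2fetc%2fresolv.conf HTTP/1.1" 400 0
192.0.2.11 - - [04/Aug/2018:09:03:00 +0200] "GET /repo/objects/?path=info/packs HTTP/1.1" 200 54
192.0.2.12 - - [04/Aug/2018:09:04:00 +0200] "GET /repo/tree/?h=master HTTP/1.1" 200 4096
"""

# Request line and status code as written in combined log format (assumption).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')


def has_dotdot(value):
    """True if any path component is '..' after one more round of URL decoding."""
    # parse_qs has already decoded once; decode again to catch double encoding.
    decoded = unquote(value)
    return ".." in re.split(r"[/\\]", decoded)


def find_traversal(log_text):
    """Return (status, request target, outcome) for objects requests whose
    'path' parameter contains a '..' component."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target, status = m.group(1), int(m.group(2))
        url = urlsplit(target)
        if "/objects/" not in url.path:
            continue
        for value in parse_qs(url.query).get("path", []):
            if has_dotdot(value):
                # The message reports that the updated cgit answers 400.
                outcome = "served" if status == 200 else "rejected"
                hits.append((status, target, outcome))
    return hits


if __name__ == "__main__":
    for status, target, outcome in find_traversal(SAMPLE_LOG):
        print(status, outcome, target)
```

Entries reported as "served" are the ones to review first, since a 200 response means the server returned content for the traversal path.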