CVE-2018-14912 — AI Deep Analysis Summary

🚨 **Essence**: CVE-2018-14912 is a **Directory Traversal** flaw in cgit. <br>💥 **Consequences**: Attackers can read **arbitrary files** from the server.…

🔍 **Root Cause**: The `cgit_clone_objects` function fails to sanitize input. <br>🛑 **Flaw**: It allows `../` sequences to escape the intended git objects directory.…

📦 **Affected**: cgit versions **prior to 1.2.1**. <br>⚙️ **Component**: The C-based Git web frontend. <br>🌐 **Scope**: Any instance running older versions with HTTP clone enabled.

🕵️ **Hackers Can**: Retrieve **any file** the web server process can read. <br>📂 **Data Impact**: Access to `/etc/passwd`, SSH keys, or internal git repositories.…

⚡ **Threshold**: **LOW**. <br>🔑 **Auth**: No authentication required. <br>⚙️ **Config**: Only requires `enable-http-clone=1` (default in many setups). <br>🌍 **Access**: Publicly accessible via URL manipulation.

📢 **Public Exp?**: **YES**. <br>🔗 **PoC**: Available on Exploit-DB (ID 45195) and Project Zero. <br>🛠️ **Tool**: Nuclei templates exist for automated scanning. <br>🔥 **Status**: Actively exploitable in the wild.

🔎 **Self-Check**: Scan for `cgit/cgit.cgi/git/objects/?path=../`. <br>📡 **Indicator**: Look for HTTP clone functionality enabled. <br>🧪 **Test**: Send a request with `../` in the path parameter.…

✅ **Fixed**: **YES**. <br>📦 **Patch**: Upgrade to cgit **v1.2.1** or later. <br>📜 **Advisory**: Debian DSA-4263 and upstream fixes are available. <br>🔄 **Action**: Immediate update recommended.

🛡️ **No Patch?**: Disable `enable-http-clone` in config. <br>🚫 **Mitigation**: Set `enable-http-clone=0`. <br>🧱 **WAF**: Block requests containing `../` in the `path` parameter for git objects.…

🚨 **Urgency**: **HIGH**. <br>⏱️ **Priority**: Fix immediately. <br>📉 **Risk**: Easy exploitation + High impact (Data Leak). <br>📢 **Note**: Public exploits exist. Do not wait for scheduled maintenance.