InDefero Source Access Security Bypass
Release Date : 2010-02-22
Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch
Software : InDefero 0.x
A security issue has been reported in InDefero, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due to an error in the git serving component, which can be exploited to gain access to private sources that are marked "read only" for certain users, if the short name of the project is known.
Successful exploitation requires user access to the forge and a valid SSH key.
The security issue is reported in versions prior to 0.8.10.
Update to version 0.8.10 or apply the patch.