Gitblit · Gitblit · CVE-2022-31267
**Name of the Vulnerable Software and Affected Versions**
Gitblit version 1.9.2
**Description**
The issue allows privilege escalation via the Config User Service. A control character placed in a profile data field, such as an `emailAddress` value, is stored verbatim and can be read back as an additional configuration entry, which may grant elevated access. For example, an attacker could use a value like `attacker@example.com\r\n\trole = "#admin"` (where `\r\n\t` stands for the carriage return, line feed and tab characters) to exploit this issue.
**Recommendations**
For Gitblit version 1.9.2, as a temporary workaround, consider restricting the use of control characters in profile data fields until a patch is available. Avoid accepting `emailAddress` values (or other profile fields) that could be used for privilege escalation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
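The following is an added example, not Gitblit's own code: a constructed, simplified model of a line-oriented `key = value` user record, showing how the unfiltered value from the description becomes an extra `role` entry when the record is read back, next to the validation check the workaround calls for (rejecting control characters). The record layout, the user name `bob` and the function names are assumptions for illustration.

```python
import re
from typing import Optional

# Any ASCII control character (tab, CR, LF, ...) has no place in a profile field.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def write_user_record(username: str, fields: dict) -> str:
    """Constructed model of a config-style user section: values are written verbatim
    (the weak behaviour), so an embedded line break starts a new entry."""
    lines = [f'[user "{username}"]']
    for key, value in fields.items():
        lines.append(f"\t{key} = {value}")
    return "\r\n".join(lines) + "\r\n"


def parse_user_record(text: str) -> dict:
    """Read the section back the way a line-oriented config reader would."""
    fields = {}
    for line in re.split(r"\r?\n", text):
        line = line.strip()
        if not line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def is_safe_profile_value(value: str) -> bool:
    """Hardened check: refuse profile data that contains any control character."""
    return CONTROL_CHARS.search(value) is None


def store_email(email: str, validate: bool) -> Optional[str]:
    """Store an emailAddress for user 'bob' and return the role a reader would then see.
    Returns None when validation is enabled and rejects the value."""
    if validate and not is_safe_profile_value(email):
        return None
    record = write_user_record("bob", {"emailAddress": email})
    return parse_user_record(record).get("role", "")


if __name__ == "__main__":
    payload = 'attacker@example.com\r\n\trole = "#admin"'  # value from the advisory
    print("unfiltered:", store_email(payload, validate=False))  # #admin
    print("validated: ", store_email(payload, validate=True))   # None (rejected)
```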