CVE-2022-31267

Name of the Vulnerable Software and Affected Versions Gitblit version 1.9.2

Description The issue allows privilege escalation via the Config User Service. A control character can be placed in a profile data field, such as an emailAddress value, to potentially gain elevated access. For example, an attacker could use a value like attacker@example.com trole = "#admin" to exploit this issue.

Recommendations For Gitblit version 1.9.2, as a temporary workaround, consider restricting the use of control characters in profile data fields until a patch is available. Avoid using the emailAddress field in a way that could allow privilege escalation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.