CVE-2024-4981
📋 TL;DR
This vulnerability in Pagure server allows authenticated malicious users to create symbolic links in git repositories that expose files outside the repository directory. This affects all Pagure server instances with git repository functionality enabled. The vulnerability enables unauthorized access to sensitive server files.
💻 Affected Systems
- Pagure server
📦 What is this software?
Pagure by Redhat
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through exposure of sensitive configuration files, SSH keys, or database credentials stored on the server filesystem.
Likely Case
Unauthorized access to sensitive files outside git repositories, potentially exposing configuration data, logs, or other restricted content.
If Mitigated
Limited exposure of non-critical files if proper file permissions and access controls are implemented.
🎯 Exploit Status
Requires authenticated user account with repository creation permissions. Exploitation involves creating a git repository with malicious symbolic links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 454f2677bc50d7176f07da9784882eb2176537f4
Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-4981
Restart Required: Yes
Instructions:
1. Update Pagure to commit 454f2677bc50d7176f07da9784882eb2176537f4 or later. 2. Restart Pagure service. 3. Verify the fix by checking git repository handling.
🔧 Temporary Workarounds
Disable repository creation
linuxTemporarily disable new repository creation for non-admin users
Modify Pagure configuration to restrict repository creation permissions
File system restrictions
linuxImplement strict file permissions and SELinux/apparmor policies
chmod 750 /var/lib/pagure
setenforce 1
Configure appropriate SELinux/apparmor rules
🧯 If You Can't Patch
- Implement strict access controls and audit repository creation activities
- Monitor file system access patterns and implement intrusion detection for unusual symlink activity
🔍 How to Verify
Check if Vulnerable:
Check if Pagure version is before commit 454f2677bc50d7176f07da9784882eb2176537f4Check Version:
git log --oneline -1Verify Fix Applied:
Test creating a repository with symbolic links - server should reject or properly handle them📡 Detection & Monitoring
Log Indicators:
- Unusual repository creation patterns
- Multiple symlink creation attempts
- Access to files outside repository paths
Network Indicators:
- Increased git push activity from single users
- Unusual file retrieval patterns
SIEM Query:
source="pagure.log" AND ("symlink" OR ".." OR "../") AND action="push"