Kallithea Security Notice

Directory traversal

Synopsis

A vulnerability has been found in Kallithea.

Description

This vulnerability allows a normal user to clone a repository to a filesystem path outside the Kallithea repository root.

This issue was found and reported by:
Kacper Szurek (https://security.szurek.pl/).

Resolution

The issue is fixed by Mads Kiilerich in release 0.3.5. Users are advised to upgrade as soon as possible.

To detect a possible breach, users should verify the presence of newly created repositories on the filesystem outside of the configured Kallithea repository root.

Affected versions

As far as we know, the issue is present in all previously released Kallithea versions.

References

  1. Mercurial changeset fixing the issue https://kallithea-scm.org/repos/kallithea/changeset/083fbf531a5dc0550954373799e8727b7ccb8900