Candidate: CVE-2020-24614
PublicDate: 2020-08-25 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24614
 https://www.openwall.com/lists/oss-security/2020/08/20/1
 https://fossil-scm.org/forum/info/a05ae3ce7760daf6
 https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w
 http://www.openwall.com/lists/oss-security/2020/08/25/1
Description:
 Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows
 remote authenticated users to execute arbitrary code. An attacker must have
 check-in privileges on the repository.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_fossil:
upstream_fossil: released (1:2.12.1-1)
precise/esm_fossil: DNE
trusty_fossil: ignored (out of standard support)
trusty/esm_fossil: DNE
xenial_fossil: ignored (end of standard support, was needs-triage)
bionic_fossil: needs-triage
focal_fossil: needs-triage
groovy_fossil: not-affected (1:2.12.1-1)
hirsute_fossil: not-affected (1:2.12.1-1)
impish_fossil: not-affected (1:2.12.1-1)
jammy_fossil: not-affected (1:2.12.1-1)
devel_fossil: not-affected (1:2.12.1-1)