Hello:

I was surprised to find out that anyone can call ls_cache and view the
contents of the cache directory, including the full path to each cache file.
Since an attacker can also control the cache content, either via query
string parameters, or by pushing contents into a repository served by cgit,
this can aid someone in delivering a payload that can be executed via some
other vulnerability.

Can this functionality be disabled by default and only available if
cache-allow-ls (or something similar) is set in cgitrc?

-K
