2.25.3-alt1 built April 15, 2020 Dmitry V. Levin in task [#249983](<https://git.altlinux.org/tasks/249983/>)
---
March 18, 2020 Dmitry V. Levin
- 2.25.2 -> 2.25.3 (fixes: CVE-2020-5260).
{"checkpoint_advisories": [{"lastseen": "2022-02-16T19:36:42", "description": "An information disclosure vulnerability exists in Git. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-12-06T00:00:00", "type": "checkpoint_advisories", "title": "Git Information Disclosure (CVE-2020-5260)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-12-06T00:00:00", "id": "CPAI-2020-1260", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2023-02-08T16:13:44", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/git-2.17.4-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n With a crafted URL that contains a newline in it, the credential helper\n machinery can be fooled to give credential information for a wrong host.\n The attack has been made impossible by forbidding a newline character in\n any value passed via the credential protocol. Credit for finding the\n vulnerability goes to Felix Wilhelm of Google Project Zero.\n For more information, see:\n https://vulners.com/cve/CVE-2020-5260\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.17.4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.17.4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.17.4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.17.4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.17.4-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.17.4-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.26.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.26.1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nd4df6c5651885a0c54c9060b809f7933 git-2.17.4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n153d1609e59015641a77e872bc6bf192 git-2.17.4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc446d4c48b7c2184bb923496f135a53b git-2.17.4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n22d67ae1bcb09089799d02bf08106d5b git-2.17.4-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n5eb04182f95e73ff27bdef3d2aa29afb git-2.17.4-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n44dffc40138f48c49f6e1c7dc07eb3cf git-2.17.4-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n32c297677f194cfe5ee513ba4618a661 d/git-2.26.1-i586-1.txz\n\nSlackware x86_64 -current package:\nd911b45dfe08bc8ff139d4c10ee1618e d/git-2.26.1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-2.17.4-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-14T23:09:34", "type": "slackware", "title": "[slackware-security] git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-14T23:09:34", "id": "SSA-2020-105-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.438101", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T16:13:43", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/git-2.17.5-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n With a crafted URL that contains a newline or empty host, or lacks\n a scheme, the credential helper machinery can be fooled into\n providing credential information that is not appropriate for the\n protocol in use and host being contacted.\n Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the\n credentials are not for a host of the attacker's choosing; instead,\n they are for some unspecified host (based on how the configured\n credential helper handles an absent \"host\" parameter).\n For more information, see:\n https://vulners.com/cve/CVE-2020-11008\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.17.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.17.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.17.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.17.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.17.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.17.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.26.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.26.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n558c3fb44c4b314f7da5c3c807eeecc0 git-2.17.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nbea3f89056978279971e2c5a98321459 git-2.17.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n35ca91631aa102f23a8ceac0ace0d574 git-2.17.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n0a75156767ea9ff4f0e9d5f965527f52 git-2.17.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nca39eba5ffe65eef6151f5118c7da317 git-2.17.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n516cf56c833774225eb352c7d1ab0392 git-2.17.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n450a483052c7b3e779bb0519fbb02638 d/git-2.26.2-i586-1.txz\n\nSlackware x86_64 -current package:\n08382f2cb3766063aadabf3c3d36c602 d/git-2.26.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-2.17.5-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T03:14:47", "type": "slackware", "title": "[slackware-security] git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-04-22T03:14:47", "id": "SSA-2020-112-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.449248", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2023-02-08T17:36:14", "description": "**Issue Overview:**\n\nWith a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. (CVE-2020-5260)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 git-2.23.1-1.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 git-core-2.23.1-1.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.1-1.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.1-1.amzn2.0.2.aarch64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.1-1.amzn2.0.2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 git-2.23.1-1.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 git-core-2.23.1-1.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.23.1-1.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 git-subtree-2.23.1-1.amzn2.0.2.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.1-1.amzn2.0.2.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 git-all-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-core-doc-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-email-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 gitk-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 gitweb-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-gui-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-instaweb-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-p4-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 perl-Git-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.23.1-1.amzn2.0.2.noarch \n \u00a0\u00a0\u00a0 git-svn-2.23.1-1.amzn2.0.2.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.23.1-1.amzn2.0.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-2.23.1-1.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 git-core-2.23.1-1.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.1-1.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.1-1.amzn2.0.2.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.1-1.amzn2.0.2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-5260](<https://access.redhat.com/security/cve/CVE-2020-5260>)\n\nMitre: [CVE-2020-5260](<https://vulners.com/cve/CVE-2020-5260>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-13T22:34:00", "type": "amazon", "title": "Important: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-15T15:12:00", "id": "ALAS2-2020-1409", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1409.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T17:11:24", "description": "**Issue Overview:**\n\nWith a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol.(CVE-2020-5260)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 git-svn-2.14.6-1.62.amzn1.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.14.6-1.62.amzn1.i686 \n \u00a0\u00a0\u00a0 git-2.14.6-1.62.amzn1.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.14.6-1.62.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 emacs-git-el-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 gitweb-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 perl-Git-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-email-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 emacs-git-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-hg-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-p4-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-all-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-bzr-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.14.6-1.62.amzn1.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.14.6-1.62.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.14.6-1.62.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-daemon-2.14.6-1.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-svn-2.14.6-1.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-2.14.6-1.62.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.14.6-1.62.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-5260](<https://access.redhat.com/security/cve/CVE-2020-5260>)\n\nMitre: [CVE-2020-5260](<https://vulners.com/cve/CVE-2020-5260>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T17:03:00", "type": "amazon", "title": "Important: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-17T00:03:00", "id": "ALAS-2020-1357", "href": "https://alas.aws.amazon.com/ALAS-2020-1357.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T17:36:08", "description": "**Issue Overview:**\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 git-2.23.3-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-core-2.23.3-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.3-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.3-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.3-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 git-2.23.3-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-core-2.23.3-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.23.3-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-subtree-2.23.3-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.3-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 git-all-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-core-doc-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-email-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 gitk-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 gitweb-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-gui-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-instaweb-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-p4-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 perl-Git-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.23.3-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-svn-2.23.3-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.23.3-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-2.23.3-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-core-2.23.3-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.3-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.3-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.3-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11008](<https://access.redhat.com/security/cve/CVE-2020-11008>)\n\nMitre: [CVE-2020-11008](<https://vulners.com/cve/CVE-2020-11008>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-05T01:11:00", "type": "amazon", "title": "Important: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-05-06T22:57:00", "id": "ALAS2-2020-1416", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1416.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T17:10:35", "description": "**Issue Overview:**\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. (CVE-2020-5260)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 git-subtree-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-core-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-svn-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.18.4-2.71.amzn1.i686 \n \u00a0\u00a0\u00a0 git-instaweb-2.18.4-2.71.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 emacs-git-el-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 emacs-git-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-bzr-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-all-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 gitweb-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-email-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-hg-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-core-doc-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 git-p4-2.18.4-2.71.amzn1.noarch \n \u00a0\u00a0\u00a0 perl-Git-2.18.4-2.71.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.18.4-2.71.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-svn-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-subtree-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-core-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-instaweb-2.18.4-2.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-daemon-2.18.4-2.71.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11008](<https://access.redhat.com/security/cve/CVE-2020-11008>), [CVE-2020-5260](<https://access.redhat.com/security/cve/CVE-2020-5260>)\n\nMitre: [CVE-2020-11008](<https://vulners.com/cve/CVE-2020-11008>), [CVE-2020-5260](<https://vulners.com/cve/CVE-2020-5260>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-28T17:23:00", "type": "amazon", "title": "Important: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-07-29T21:30:00", "id": "ALAS-2020-1413", "href": "https://alas.aws.amazon.com/ALAS-2020-1413.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-18T00:08:44", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: git-2.25.3-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-18T00:08:44", "id": "FEDORA:3DE3060C7BDC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-25T02:38:32", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: git-2.26.1-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-25T02:38:32", "id": "FEDORA:28CE060FDFE6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-26T02:50:14", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: git-2.25.4-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-04-26T02:50:14", "id": "FEDORA:8FE43605A2A8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-01T04:54:13", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: git-2.21.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-05-01T04:54:13", "id": "FEDORA:EE90E6397691", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-27T02:46:35", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: git-2.26.2-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-04-27T02:46:35", "id": "FEDORA:16CC4606DC3F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-01-11T14:40:55", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : git (CESA-2020:1513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-core", "p-cpe:/a:centos:centos:git-core-doc", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:git-instaweb", "p-cpe:/a:centos:centos:git-subtree", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:perl-Git-SVN"], "id": "CENTOS8_RHSA-2020-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/146004", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146004);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1513\");\n\n script_name(english:\"CentOS 8 : git (CESA-2020:1513)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'git-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-email / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:10:41", "description": "From Red Hat Security Advisory 2020:1511 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : git (ELSA-2020-1511)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:emacs-git", "p-cpe:/a:oracle:linux:emacs-git-el", "p-cpe:/a:oracle:linux:git", "p-cpe:/a:oracle:linux:git-all", "p-cpe:/a:oracle:linux:git-bzr", "p-cpe:/a:oracle:linux:git-cvs", "p-cpe:/a:oracle:linux:git-daemon", "p-cpe:/a:oracle:linux:git-email", "p-cpe:/a:oracle:linux:git-gnome-keyring", "p-cpe:/a:oracle:linux:git-gui", "p-cpe:/a:oracle:linux:git-hg", "p-cpe:/a:oracle:linux:git-instaweb", "p-cpe:/a:oracle:linux:git-p4", "p-cpe:/a:oracle:linux:git-svn", "p-cpe:/a:oracle:linux:gitk", "p-cpe:/a:oracle:linux:gitweb", "p-cpe:/a:oracle:linux:perl-Git", "p-cpe:/a:oracle:linux:perl-Git-SVN", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/135952", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1511 and \n# Oracle Linux Security Advisory ELSA-2020-1511 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135952);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1511\");\n\n script_name(english:\"Oracle Linux 7 : git (ELSA-2020-1511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:1511 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause\n credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-April/009853.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-instaweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-22.el7_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:53", "description": "From Red Hat Security Advisory 2020:1513 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : git (ELSA-2020-1513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-28T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-all:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-daemon:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-email:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:gitk:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:gitweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:perl-git:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:perl-git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-instaweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-core-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:git-subtree:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2020-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/135954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1513 and \n# Oracle Linux Security Advisory ELSA-2020-1513 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135954);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1513\");\n\n script_name(english:\"Oracle Linux 8 : git (ELSA-2020-1513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:1513 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause\n credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-April/009857.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-all-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-doc-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-daemon-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-email-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-gui-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-instaweb-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-subtree-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-svn-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitk-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitweb-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-2.18.2-2.el8_1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-SVN-2.18.2-2.el8_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-daemon / git-email / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:10:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "CentOS 7 : git (CESA-2020:1511)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:emacs-git", "p-cpe:/a:centos:centos:emacs-git-el", "p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-bzr", "p-cpe:/a:centos:centos:git-cvs", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-gnome-keyring", "p-cpe:/a:centos:centos:git-gui", "p-cpe:/a:centos:centos:git-hg", "p-cpe:/a:centos:centos:git-instaweb", "p-cpe:/a:centos:centos:git-p4", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:perl-Git-SVN", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/136197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1511 and \n# CentOS Errata and Security Advisory 2020:1511 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136197);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1511\");\n\n script_name(english:\"CentOS 7 : git (CESA-2020:1511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause\n credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-April/035708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89325e66\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-git-el-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-all-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-bzr-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-cvs-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-email-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-gui-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-hg-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-instaweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-p4-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitk-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gitweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perl-Git-SVN-1.8.3.1-22.el7_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:19", "description": "Security Fix(es) :\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : git on SL7.x x86_64 (20200421)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:emacs-git", "p-cpe:/a:fermilab:scientific_linux:emacs-git-el", "p-cpe:/a:fermilab:scientific_linux:git", "p-cpe:/a:fermilab:scientific_linux:git-all", "p-cpe:/a:fermilab:scientific_linux:git-bzr", "p-cpe:/a:fermilab:scientific_linux:git-cvs", "p-cpe:/a:fermilab:scientific_linux:git-daemon", "p-cpe:/a:fermilab:scientific_linux:git-debuginfo", "p-cpe:/a:fermilab:scientific_linux:git-email", "p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring", "p-cpe:/a:fermilab:scientific_linux:git-gui", "p-cpe:/a:fermilab:scientific_linux:git-hg", "p-cpe:/a:fermilab:scientific_linux:git-instaweb", "p-cpe:/a:fermilab:scientific_linux:git-p4", "p-cpe:/a:fermilab:scientific_linux:git-svn", "p-cpe:/a:fermilab:scientific_linux:gitk", "p-cpe:/a:fermilab:scientific_linux:gitweb", "p-cpe:/a:fermilab:scientific_linux:perl-Git", "p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200421_GIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135886);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL7.x x86_64 (20200421)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - git: Crafted URL containing new lines can cause\n credential leak (CVE-2020-5260)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=22362\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43ffbb91\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-el-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-all-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-bzr-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-cvs-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-email-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-gui-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-hg-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-instaweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-p4-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitk-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitweb-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-1.8.3.1-22.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-SVN-1.8.3.1-22.el7_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:13:59", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : git (EulerOS-SA-2020-1675)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1675.NASL", "href": "https://www.tenable.com/plugins/nessus/137517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137517);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : git (EulerOS-SA-2020-1675)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1675\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?389d04ee\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-14.h5\",\n \"perl-Git-1.8.3.1-14.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:12:42", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Git PHSA-2020-1.0-0291", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-05-08T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0291_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136406", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0291. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136406);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/08\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"Photon OS 1.0: Git PHSA-2020-1.0-0291\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-291.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"git-2.23.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"git-debuginfo-2.23.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.1-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:12:25", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-05T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Git PHSA-2020-2.0-0236", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-05-06T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0236_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136328", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0236. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136328);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/06\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"Photon OS 2.0: Git PHSA-2020-2.0-0236\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-236.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-2.23.1-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-debuginfo-2.23.1-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.1-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:13:14", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Git PHSA-2020-3.0-0086", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-05-15T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0086_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0086. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136573);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"Photon OS 3.0: Git PHSA-2020-3.0-0086\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-86.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"git-2.23.1-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"git-debuginfo-2.23.1-3.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.1-3.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:15:26", "description": "git security advisory reports :\n\nGit uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server for an HTTP request being made to another server, resulting in credentials for the former being sent to the latter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "FreeBSD : malicious URLs may present credentials to wrong server (ced2d47e-8469-11ea-a283-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:git", "p-cpe:/a:freebsd:freebsd:git-gui", "p-cpe:/a:freebsd:freebsd:git-lite", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CED2D47E846911EAA283B42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/137168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137168);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"FreeBSD : malicious URLs may present credentials to wrong server (ced2d47e-8469-11ea-a283-b42e99a1b9c3)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"git security advisory reports :\n\nGit uses external 'credential helper' programs to store and retrieve\npasswords or other credentials from secure storage provided by the\noperating system. Specially crafted URLs that contain an encoded\nnewline can inject unintended values into the credential helper\nprotocol stream, causing the credential helper to retrieve the\npassword for one server for an HTTP request being made to another\nserver, resulting in credentials for the former being sent to the\nlatter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q\"\n );\n # https://vuxml.freebsd.org/freebsd/ced2d47e-8469-11ea-a283-b42e99a1b9c3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5c9e90d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:git-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.26.0<2.26.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.25.0<2.25.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.24.0<2.24.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.23.0<2.23.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.22.0<2.22.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.21.0<2.21.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.20.0<2.20.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.19.0<2.19.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=2.18.0<2.18.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git>=0<2.17.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.26.0<2.26.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.25.0<2.25.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.24.0<2.24.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.23.0<2.23.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.22.0<2.22.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.21.0<2.21.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.20.0<2.20.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.19.0<2.19.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=2.18.0<2.18.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-lite>=0<2.17.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.26.0<2.26.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.25.0<2.25.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.24.0<2.24.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.23.0<2.23.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.22.0<2.22.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.21.0<2.21.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.20.0<2.20.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.19.0<2.19.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=2.18.0<2.18.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"git-gui>=0<2.17.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:09:58", "description": "Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "Debian DSA-4657-1 : git - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4657.NASL", "href": "https://www.tenable.com/plugins/nessus/135499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4657. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135499);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"DSA\", value:\"4657\");\n\n script_name(english:\"Debian DSA-4657-1 : git - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast,\nscalable, distributed revision control system. With a crafted URL that\ncontains a newline, the credential helper machinery can be fooled to\nreturn credential information for a wrong host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/git\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4657\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the git packages.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1:2.11.0-3+deb9u6.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1:2.20.1-2+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"git\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-all\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-cvs\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-daemon-run\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-doc\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-el\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-email\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-gui\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-man\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-mediawiki\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"git-svn\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gitk\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gitweb\", reference:\"1:2.20.1-2+deb10u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-all\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-arch\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-core\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-cvs\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-run\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-doc\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-el\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-email\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-gui\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-man\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-mediawiki\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"git-svn\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitk\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"gitweb\", reference:\"1:2.11.0-3+deb9u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:12:07", "description": "This update for git fixes the following issues :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0991-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-libsecret", "p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-p4", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-svn-debuginfo", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0991-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0991-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135579);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0991-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for git fixes the following issues :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the\ncredential helper machinery can be fooled to give credential\ninformation for a wrong host (bsc#1168930).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5260/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200991-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0289361a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15:zypper in -t patch\nSUSE-SLE-Product-SLES_SAP-15-2020-991=1\n\nSUSE Linux Enterprise Server 15-LTSS:zypper in -t patch\nSUSE-SLE-Product-SLES-15-2020-991=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-991=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2020-991=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-991=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-991=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t\npatch SUSE-SLE-Product-HPC-15-2020-991=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-arch-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-cvs-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debugsource-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-email-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-gui-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-p4-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-web-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"gitk-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-arch-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-core-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-core-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-cvs-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-daemon-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-daemon-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-debugsource-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-email-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-gui-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-svn-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-svn-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-web-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"gitk-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-arch-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-cvs-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debugsource-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-email-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-gui-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-p4-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-debuginfo-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-web-2.16.4-3.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"gitk-2.16.4-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-14T14:46:45", "description": "Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Git vulnerability (USN-4329-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:git", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4329-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4329-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135581);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"USN\", value:\"4329-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Git vulnerability (USN-4329-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Felix Wilhelm discovered that Git incorrectly handled certain URLs\nthat included newlines. A remote attacker could possibly use this\nissue to trick Git into returning credential information for a wrong\nhost.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4329-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"git\", pkgver:\"1:2.7.4-0ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"git\", pkgver:\"1:2.17.1-1ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"git\", pkgver:\"1:2.20.1-2ubuntu1.19.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:34", "description": "With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol.(CVE-2020-5260)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-17T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : git (ALAS-2020-1357)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:emacs-git-el", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-hg", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1357.NASL", "href": "https://www.tenable.com/plugins/nessus/135710", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1357.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135710);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"ALAS\", value:\"2020-1357\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2020-1357)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With a crafted URL that contains a newline in it, the credential\nhelper machinery can be fooled to give credential information for a\nwrong host. The attack has been made impossible by forbidding a\nnewline character in any value passed via the credential\nprotocol.(CVE-2020-5260)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1357.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gitweb-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.14.6-1.62.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.14.6-1.62.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:20", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1503)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/135736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135736);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1503)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1503\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e02ec17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h6.eulerosv2r8\",\n \"git-core-2.19.1-1.h6.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h6.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-24T14:19:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "RHEL 7 : git (RHSA-2020:1511)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:emacs-git", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN"], "id": "REDHAT-RHSA-2020-1511.NASL", "href": "https://www.tenable.com/plugins/nessus/135770", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1511. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135770);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1511\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2020:1511)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1511 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'emacs-git-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'emacs-git-el-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-1.8.3.1-22.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-1.8.3.1-22.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-bzr-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-cvs-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-1.8.3.1-22.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-1.8.3.1-22.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gnome-keyring-1.8.3.1-22.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gnome-keyring-1.8.3.1-22.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-hg-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-p4-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-1.8.3.1-22.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-1.8.3.1-22.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-1.8.3.1-22.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-24T14:21:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1518 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "RHEL 8 : git (RHSA-2020:1518)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:git-core", "p-cpe:/a:redhat:enterprise_linux:git-core-doc", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-subtree", "p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN"], "id": "REDHAT-RHSA-2020-1518.NASL", "href": "https://www.tenable.com/plugins/nessus/135862", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1518. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135862);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1518\");\n\n script_name(english:\"RHEL 8 : git (RHSA-2020:1518)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1518 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-email / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:10:02", "description": "With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol.\n(CVE-2020-5260)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : git (ALAS-2020-1409)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-gui", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitk", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/135594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1409.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135594);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"ALAS\", value:\"2020-1409\");\n\n script_name(english:\"Amazon Linux 2 : git (ALAS-2020-1409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"With a crafted URL that contains a newline in it, the credential\nhelper machinery can be fooled to give credential information for a\nwrong host. The attack has been made impossible by forbidding a\nnewline character in any value passed via the credential protocol.\n(CVE-2020-5260)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1409.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"git-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-all-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-core-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-core-doc-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-cvs-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-daemon-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-debuginfo-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-email-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-gui-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-instaweb-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-p4-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-subtree-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-svn-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitk-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitweb-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-2.23.1-1.amzn2.0.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-SVN-2.23.1-1.amzn2.0.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:28", "description": "Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline, the credential helper machinery can be fooled to return credential information for a wrong host.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 1:2.1.4-2.1+deb8u9.\n\nWe recommend that you upgrade your git packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "Debian DLA-2177-1 : git security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git", "p-cpe:/a:debian:debian_linux:git-all", "p-cpe:/a:debian:debian_linux:git-arch", "p-cpe:/a:debian:debian_linux:git-core", "p-cpe:/a:debian:debian_linux:git-cvs", "p-cpe:/a:debian:debian_linux:git-daemon-run", "p-cpe:/a:debian:debian_linux:git-daemon-sysvinit", "p-cpe:/a:debian:debian_linux:git-doc", "p-cpe:/a:debian:debian_linux:git-el", "p-cpe:/a:debian:debian_linux:git-email", "p-cpe:/a:debian:debian_linux:git-gui", "p-cpe:/a:debian:debian_linux:git-man", "p-cpe:/a:debian:debian_linux:git-mediawiki", "p-cpe:/a:debian:debian_linux:git-svn", "p-cpe:/a:debian:debian_linux:gitk", "p-cpe:/a:debian:debian_linux:gitweb", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2177.NASL", "href": "https://www.tenable.com/plugins/nessus/135596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2177-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135596);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"Debian DLA-2177-1 : git security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm of Google Project Zero discovered a flaw in git, a fast,\nscalable, distributed revision control system. With a crafted URL that\ncontains a newline, the credential helper machinery can be fooled to\nreturn credential information for a wrong host.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u9.\n\nWe recommend that you upgrade your git packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/git\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"git\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-all\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-arch\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-core\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-cvs\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-run\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-doc\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-el\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-email\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-gui\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-man\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-mediawiki\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-svn\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitk\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitweb\", reference:\"1:2.1.4-2.1+deb8u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:09:57", "description": "Security fix for CVE-2020-5260\n\nFrom the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n4.txt) :\n\n> With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The attack has been made impossible by forbidding > a newline character in any value passed via the credential > protocol.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T00:00:00", "type": "nessus", "title": "Fedora 31 : git (2020-cdef88bb89)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:git", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-CDEF88BB89.NASL", "href": "https://www.tenable.com/plugins/nessus/135728", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-cdef88bb89.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135728);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"FEDORA\", value:\"2020-cdef88bb89\");\n\n script_name(english:\"Fedora 31 : git (2020-cdef88bb89)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2020-5260\n\nFrom the upstream [release\nnotes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n4.txt) :\n\n> With a crafted URL that contains a newline in it, the credential >\nhelper machinery can be fooled to give credential information for > a\nwrong host. The attack has been made impossible by forbidding > a\nnewline character in any value passed via the credential > protocol.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-cdef88bb89\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"git-2.25.3-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:58", "description": "This update for git fixes the following issues :\n\n - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git (openSUSE-2020-524)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-524.NASL", "href": "https://www.tenable.com/plugins/nessus/135749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-524.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135749);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2020-524)\");\n script_summary(english:\"Check for the openSUSE-2020-524 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for git fixes the following issues :\n\n - CVE-2020-5260: With a crafted URL that contains a\n newline in it, the credential helper machinery can be\n fooled to give credential information for a wrong host\n (bsc#1168930). \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-arch-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-libsecret-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-libsecret-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-cvs-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debugsource-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-email-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-gui-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-p4-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-debuginfo-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-web-2.16.4-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"gitk-2.16.4-lp151.4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:20", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-105-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2020-04-27T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:git", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-105-01.NASL", "href": "https://www.tenable.com/plugins/nessus/135576", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-105-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135576);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"SSA\", value:\"2020-105-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-105-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.438101\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a38da02\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.4\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.26.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.26.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-24T14:19:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "RHEL 8 : git (RHSA-2020:1513)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.1", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:git-core", "p-cpe:/a:redhat:enterprise_linux:git-core-doc", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-subtree", "p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN"], "id": "REDHAT-RHSA-2020-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/135875", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135875);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1513\");\n\n script_name(english:\"RHEL 8 : git (RHSA-2020:1513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1513 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'git-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.2-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-email / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:20:38", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : git (EulerOS-SA-2020-2111)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2111.NASL", "href": "https://www.tenable.com/plugins/nessus/140878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140878);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : git (EulerOS-SA-2020-2111)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98a40f42\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h4\",\n \"perl-Git-1.8.3.1-20.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T00:40:43", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1503 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-23T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-git218-git (RHSA-2020:1503)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5260"], "modified": "2023-01-24T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-all:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-core-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-cvs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-daemon:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-email:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-instaweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-p4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-subtree:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-gitk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-gitweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-perl-git:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rh-git218-perl-git-svn:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/170323", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1503. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170323);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/24\");\n\n script_cve_id(\"CVE-2020-5260\");\n script_xref(name:\"RHSA\", value:\"2020:1503\");\n\n script_name(english:\"RHEL 7 : rh-git218-git (RHSA-2020:1503)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1503 advisory.\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-git218-perl-Git-SVN\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-git218-git-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-all-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-core-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-core-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-core-doc-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-cvs-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-daemon-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-daemon-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-email-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-gui-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-instaweb-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-instaweb-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-p4-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-subtree-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-subtree-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-svn-2.18.2-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-git-svn-2.18.2-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-gitk-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-gitweb-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-perl-Git-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-git218-perl-Git-SVN-2.18.2-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-git218-git / rh-git218-git-all / rh-git218-git-core / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-16T14:33:10", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has git packages installed that are affected by a vulnerability:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external credential helper programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a blank pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : git Vulnerability (NS-SA-2021-0141)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-10-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:emacs-git", "p-cpe:/a:zte:cgsl_core:emacs-git-el", "p-cpe:/a:zte:cgsl_core:git", "p-cpe:/a:zte:cgsl_core:git-all", "p-cpe:/a:zte:cgsl_core:git-bzr", "p-cpe:/a:zte:cgsl_core:git-cvs", "p-cpe:/a:zte:cgsl_core:git-daemon", "p-cpe:/a:zte:cgsl_core:git-debuginfo", "p-cpe:/a:zte:cgsl_core:git-email", "p-cpe:/a:zte:cgsl_core:git-gnome-keyring", "p-cpe:/a:zte:cgsl_core:git-gui", "p-cpe:/a:zte:cgsl_core:git-hg", "p-cpe:/a:zte:cgsl_core:git-instaweb", "p-cpe:/a:zte:cgsl_core:git-p4", "p-cpe:/a:zte:cgsl_core:git-svn", "p-cpe:/a:zte:cgsl_core:gitk", "p-cpe:/a:zte:cgsl_core:gitweb", "p-cpe:/a:zte:cgsl_core:perl-Git", "p-cpe:/a:zte:cgsl_core:perl-Git-SVN", "p-cpe:/a:zte:cgsl_main:emacs-git", "p-cpe:/a:zte:cgsl_main:emacs-git-el", "p-cpe:/a:zte:cgsl_main:git", "p-cpe:/a:zte:cgsl_main:git-all", "p-cpe:/a:zte:cgsl_main:git-bzr", "p-cpe:/a:zte:cgsl_main:git-cvs", "p-cpe:/a:zte:cgsl_main:git-daemon", "p-cpe:/a:zte:cgsl_main:git-debuginfo", "p-cpe:/a:zte:cgsl_main:git-email", "p-cpe:/a:zte:cgsl_main:git-gnome-keyring", "p-cpe:/a:zte:cgsl_main:git-gui", "p-cpe:/a:zte:cgsl_main:git-hg", "p-cpe:/a:zte:cgsl_main:git-instaweb", "p-cpe:/a:zte:cgsl_main:git-p4", "p-cpe:/a:zte:cgsl_main:git-svn", "p-cpe:/a:zte:cgsl_main:gitk", "p-cpe:/a:zte:cgsl_main:gitweb", "p-cpe:/a:zte:cgsl_main:perl-Git", "p-cpe:/a:zte:cgsl_main:perl-Git-SVN", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0141_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/154511", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0141. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154511);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/27\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : git Vulnerability (NS-SA-2021-0141)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has git packages installed that are affected by a\nvulnerability:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). Git uses external credential helper programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that\n ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0141\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ],\n 'CGSL MAIN 5.05': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-10T14:55:14", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by multiple vulnerabilities:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external credential helper programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a blank pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external credential helper programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2020-0075)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0075_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/143893", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0075. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143893);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2020-0075)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by\nmultiple vulnerabilities:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). Git uses external credential helper programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that\n ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. Git uses external credential helper programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ],\n 'CGSL MAIN 5.04': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-10T14:53:59", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has git packages installed that are affected by multiple vulnerabilities:\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. (CVE-2019-1387)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external credential helper programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : git Multiple Vulnerabilities (NS-SA-2020-0113)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1387", "CVE-2020-5260"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0113_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/143890", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0113. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143890);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2019-1387\", \"CVE-2020-5260\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : git Multiple Vulnerabilities (NS-SA-2020-0113)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has git packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,\n v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused\n by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in\n recursive clones. (CVE-2019-1387)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. Git uses external credential helper programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0113\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1387\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'emacs-git-1.8.3.1-22.el7_8',\n 'emacs-git-el-1.8.3.1-22.el7_8',\n 'git-1.8.3.1-22.el7_8',\n 'git-all-1.8.3.1-22.el7_8',\n 'git-bzr-1.8.3.1-22.el7_8',\n 'git-cvs-1.8.3.1-22.el7_8',\n 'git-daemon-1.8.3.1-22.el7_8',\n 'git-debuginfo-1.8.3.1-22.el7_8',\n 'git-email-1.8.3.1-22.el7_8',\n 'git-gnome-keyring-1.8.3.1-22.el7_8',\n 'git-gui-1.8.3.1-22.el7_8',\n 'git-hg-1.8.3.1-22.el7_8',\n 'git-instaweb-1.8.3.1-22.el7_8',\n 'git-p4-1.8.3.1-22.el7_8',\n 'git-svn-1.8.3.1-22.el7_8',\n 'gitk-1.8.3.1-22.el7_8',\n 'gitweb-1.8.3.1-22.el7_8',\n 'perl-Git-1.8.3.1-22.el7_8',\n 'perl-Git-SVN-1.8.3.1-22.el7_8'\n ],\n 'CGSL MAIN 5.05': [\n 'emacs-git-1.8.3.1-22.el7_8',\n 'emacs-git-el-1.8.3.1-22.el7_8',\n 'git-1.8.3.1-22.el7_8',\n 'git-all-1.8.3.1-22.el7_8',\n 'git-bzr-1.8.3.1-22.el7_8',\n 'git-cvs-1.8.3.1-22.el7_8',\n 'git-daemon-1.8.3.1-22.el7_8',\n 'git-debuginfo-1.8.3.1-22.el7_8',\n 'git-email-1.8.3.1-22.el7_8',\n 'git-gnome-keyring-1.8.3.1-22.el7_8',\n 'git-gui-1.8.3.1-22.el7_8',\n 'git-hg-1.8.3.1-22.el7_8',\n 'git-instaweb-1.8.3.1-22.el7_8',\n 'git-p4-1.8.3.1-22.el7_8',\n 'git-svn-1.8.3.1-22.el7_8',\n 'gitk-1.8.3.1-22.el7_8',\n 'gitweb-1.8.3.1-22.el7_8',\n 'perl-Git-1.8.3.1-22.el7_8',\n 'perl-Git-SVN-1.8.3.1-22.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-15T14:11:13", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package.Security Fix(es):Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : git (EulerOS-SA-2021-1298)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1298.NASL", "href": "https://www.tenable.com/plugins/nessus/146765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146765);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : git (EulerOS-SA-2021-1298)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is a fast, scalable, distributed revision control\n system with an unusually rich command set that provides\n both high-level operations and full access to\n internals. The git rpm installs common set of tools\n which are usually using with small amount of\n dependencies. To install all git packages, including\n tools for integrating with other SCMs, install the\n git-all meta-package.Security Fix(es):Affected versions\n of Git have a vulnerability whereby Git can be tricked\n into sending private credentials to a host controlled\n by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1298\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f672beef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-14.h6\",\n \"perl-Git-1.8.3.1-14.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-15T14:10:07", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : git (EulerOS-SA-2021-1068)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/145168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145168);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : git (EulerOS-SA-2021-1068)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1068\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ae89178\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h5\",\n \"perl-Git-1.8.3.1-20.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:55:50", "description": "According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2549)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-help", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2549.NASL", "href": "https://www.tenable.com/plugins/nessus/153736", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153736);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n\n script_name(english:\"EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2549)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that\n ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2549\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b6567a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"git-2.23.0-12.h5.eulerosv2r9\",\n \"git-help-2.23.0-12.h5.eulerosv2r9\",\n \"perl-Git-2.23.0-12.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:55:18", "description": "According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2525)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-help", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2525.NASL", "href": "https://www.tenable.com/plugins/nessus/153674", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153674);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n\n script_name(english:\"EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2525)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that\n ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2525\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2566aeab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"git-2.23.0-12.h5.eulerosv2r9\",\n \"git-help-2.23.0-12.h5.eulerosv2r9\",\n \"perl-Git-2.23.0-12.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:17:30", "description": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n(CVE-2020-5260)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : git (ALAS-2020-1413)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:emacs-git-el", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-hg", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/139093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1413.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_xref(name:\"ALAS\", value:\"2020-1413\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2020-1413)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Affected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which\none). Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that are considered\nillegal as of the recently published Git versions can cause Git to\nsend a 'blank' pattern to helpers, missing hostname and protocol\nfields. Many helpers will interpret this as matching _any_ URL, and\nwill return some unspecified stored password, leaking the password to\nan attacker's server. The vulnerability can be triggered by feeding a\nmalicious URL to `git clone`. However, the affected URLs look rather\nsuspicious; the likely vector would be through systems which\nautomatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The root of the\nproblem is in Git itself, which should not be feeding blank input to\nhelpers. However, the ability to exploit the vulnerability in practice\ndepends on which helpers are in use. Credential helpers which are\nknown to trigger the vulnerability: - Git's 'store' helper - Git's\n'cache' helper - the 'osxkeychain' helper that ships in Git's\n'contrib' directory Credential helpers which are known to be safe even\nwith vulnerable versions of Git: - Git Credential Manager for Windows\nAny helper not in this list should be assumed to trigger the\nvulnerability. (CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that contain an\nencoded newline can inject unintended values into the credential\nhelper protocol stream, causing the credential helper to retrieve the\npassword for one server (e.g., good.example.com) for an HTTP request\nbeing made to another server (e.g., evil.example.com), resulting in\ncredentials for the former being sent to the latter. There are no\nrestrictions on the relationship between the two, meaning that an\nattacker can craft a URL that will present stored credentials for any\nhost to a host of their choosing. The vulnerability can be triggered\nby feeding a malicious URL to git clone. However, the affected URLs\nlook rather suspicious; the likely vector would be through systems\nwhich automatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The problem has been\npatched in the versions published on April 14th, 2020, going back to\nv2.17.x. Anyone wishing to backport the change further can do so by\napplying commit 9a6bbee (the full release includes extra checks for\ngit fsck, but that commit is sufficient to protect clients against the\nvulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4,\n2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n(CVE-2020-5260)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1413.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-core-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-core-doc-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-instaweb-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-subtree-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gitweb-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.18.4-2.71.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-core / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:42:56", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3581 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "RHEL 7 : git (RHSA-2020:3581)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-git:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:emacs-git-el:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-all:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-bzr:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-cvs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-daemon:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-email:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-hg:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-p4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:gitk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:gitweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perl-git:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perl-git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-gnome-keyring:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:git-instaweb:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.7:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-3581.NASL", "href": "https://www.tenable.com/plugins/nessus/140083", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3581. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140083);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:3581\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2020:3581)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3581 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'emacs-git-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'emacs-git-el-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-bzr-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-cvs-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-hg-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-p4-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:12:05", "description": "Security fix for CVE-2020-5260\n\nFrom the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n5.txt) :\n\n> With a crafted URL that contains a newline or empty host, or lacks > a scheme, the credential helper machinery can be fooled into > providing credential information that is not appropriate for the > protocol in use and host being contacted. > > Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host of the attacker's choosing; instead, > they are for some unspecified host (based on how the configured > credential helper handles an absent 'host' parameter). > > The attack has been made impossible by refusing to work with > under-specified credential patterns.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-27T00:00:00", "type": "nessus", "title": "Fedora 31 : git (2020-f6b3b6fb18)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-04-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:git", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-F6B3B6FB18.NASL", "href": "https://www.tenable.com/plugins/nessus/136001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-f6b3b6fb18.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136001);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/30\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_xref(name:\"FEDORA\", value:\"2020-f6b3b6fb18\");\n\n script_name(english:\"Fedora 31 : git (2020-f6b3b6fb18)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2020-5260\n\nFrom the upstream [release\nnotes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n5.txt) :\n\n> With a crafted URL that contains a newline or empty host, or lacks >\na scheme, the credential helper machinery can be fooled into >\nproviding credential information that is not appropriate for the >\nprotocol in use and host being contacted. > > Unlike the vulnerability\nCVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host\nof the attacker's choosing; instead, > they are for some unspecified\nhost (based on how the configured > credential helper handles an\nabsent 'host' parameter). > > The attack has been made impossible by\nrefusing to work with > under-specified credential patterns.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-f6b3b6fb18\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"git-2.25.4-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:50", "description": "The remote host is affected by the vulnerability described in GLSA-202004-13 (Git: Information disclosure)\n\n Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by providing a specially crafted URL, could possibly trick Git into returning credential information for a wrong host.\n Workaround :\n\n Disabling credential helpers will prevent this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "GLSA-202004-13 : Git: Information disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-04-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:git", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202004-13.NASL", "href": "https://www.tenable.com/plugins/nessus/135949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202004-13.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/28\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_xref(name:\"GLSA\", value:\"202004-13\");\n\n script_name(english:\"GLSA-202004-13 : Git: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-202004-13\n(Git: Information disclosure)\n\n Multiple vulnerabilities have been discovered in Git. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by providing a specially crafted URL, could possibly\n trick Git into returning credential information for a wrong host.\n \nWorkaround :\n\n Disabling credential helpers will prevent this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202004-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Git 2.23.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.23.3'\n All Git 2.24.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.24.3'\n All Git 2.25.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.25.4'\n All Git 2.26.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.26.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-vcs/git\", unaffected:make_list(\"rge 2.23.3\", \"rge 2.24.3\", \"rge 2.25.4\", \"rge 2.26.2\"), vulnerable:make_list(\"lt 2.26.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-15T14:36:19", "description": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. (CVE-2020-11008)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : git (ALAS-2020-1416)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-gui", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitk", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1416.NASL", "href": "https://www.tenable.com/plugins/nessus/136360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1416.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136360);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/11\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"ALAS\", value:\"2020-1416\");\n\n script_name(english:\"Amazon Linux 2 : git (ALAS-2020-1416)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Affected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which\none). Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that are considered\nillegal as of the recently published Git versions can cause Git to\nsend a 'blank' pattern to helpers, missing hostname and protocol\nfields. Many helpers will interpret this as matching _any_ URL, and\nwill return some unspecified stored password, leaking the password to\nan attacker's server. The vulnerability can be triggered by feeding a\nmalicious URL to `git clone`. However, the affected URLs look rather\nsuspicious; the likely vector would be through systems which\nautomatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The root of the\nproblem is in Git itself, which should not be feeding blank input to\nhelpers. However, the ability to exploit the vulnerability in practice\ndepends on which helpers are in use. Credential helpers which are\nknown to trigger the vulnerability: - Git's 'store' helper - Git's\n'cache' helper - the 'osxkeychain' helper that ships in Git's\n'contrib' directory Credential helpers which are known to be safe even\nwith vulnerable versions of Git: - Git Credential Manager for Windows\nAny helper not in this list should be assumed to trigger the\nvulnerability. (CVE-2020-11008)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1416.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"git-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-all-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-core-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-core-doc-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-cvs-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-daemon-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-debuginfo-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-email-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-gui-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-instaweb-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-p4-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-subtree-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"git-svn-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitk-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"gitweb-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-2.23.3-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"perl-Git-SVN-2.23.3-1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:09:54", "description": "Security fix for CVE-2020-5260 and CVE-2020-11008\n\nCVE-2020-5260 - From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n4.txt) :\n\n> With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The attack has been made impossible by forbidding > a newline character in any value passed via the credential > protocol.\n\nCVE-2020-11008 - From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n5.txt): > With a crafted URL that contains a newline or empty host, or lacks > a scheme, the credential helper machinery can be fooled into > providing credential information that is not appropriate for the > protocol in use and host being contacted. > > Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host of the attacker's choosing; instead, > they are for some unspecified host (based on how the configured > credential helper handles an absent 'host' parameter). > > The attack has been made impossible by refusing to work with > under-specified credential patterns.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "Fedora 30 : git (2020-4e093619bb)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2020-05-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:git", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-4E093619BB.NASL", "href": "https://www.tenable.com/plugins/nessus/136211", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4e093619bb.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136211);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/07\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_xref(name:\"FEDORA\", value:\"2020-4e093619bb\");\n\n script_name(english:\"Fedora 30 : git (2020-4e093619bb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2020-5260 and CVE-2020-11008\n\nCVE-2020-5260 - From the upstream [release\nnotes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n4.txt) :\n\n> With a crafted URL that contains a newline in it, the credential >\nhelper machinery can be fooled to give credential information for > a\nwrong host. The attack has been made impossible by forbidding > a\nnewline character in any value passed via the credential > protocol.\n\nCVE-2020-11008 - From the upstream [release\nnotes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.\n5.txt): > With a crafted URL that contains a newline or empty host, or\nlacks > a scheme, the credential helper machinery can be fooled into >\nproviding credential information that is not appropriate for the >\nprotocol in use and host being contacted. > > Unlike the vulnerability\nCVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host\nof the attacker's choosing; instead, > they are for some unspecified\nhost (based on how the configured > credential helper handles an\nabsent 'host' parameter). > > The attack has been made impossible by\nrefusing to work with > under-specified credential patterns.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e093619bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"git-2.21.3-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:15:24", "description": "According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : git (EulerOS-SA-2020-1598)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1598.NASL", "href": "https://www.tenable.com/plugins/nessus/137016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137016);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11008\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : git (EulerOS-SA-2020-1598)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1598\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?449923ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.23.0-1.h6.eulerosv2r7\",\n \"git-core-2.23.0-1.h6.eulerosv2r7\",\n \"git-core-doc-2.23.0-1.h6.eulerosv2r7\",\n \"perl-Git-2.23.0-1.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-14T16:12:44", "description": "The remote NewStart CGSL host, running version MAIN 6.01, has git packages installed that are affected by a vulnerability:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external credential helper programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a blank pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.01 : git Vulnerability (NS-SA-2020-0036)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0036_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/138775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0036. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138775);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"NewStart CGSL MAIN 6.01 : git Vulnerability (NS-SA-2020-0036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.01, has git packages installed that are affected by a\nvulnerability:\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to a\n host controlled by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug\n still left the door open for an exploit where _some_\n credential is leaked (but the attacker cannot control\n which one). Git uses external credential helper\n programs to store and retrieve passwords or other\n credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n store helper - Git's cache helper - the\n osxkeychain helper that ships in Git's contrib\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the vulnerability.\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0036\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 6.01\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.01');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 6.01\": [\n \"git-2.18.4-2.el8_2\",\n \"git-all-2.18.4-2.el8_2\",\n \"git-core-2.18.4-2.el8_2\",\n \"git-core-debuginfo-2.18.4-2.el8_2\",\n \"git-core-doc-2.18.4-2.el8_2\",\n \"git-daemon-2.18.4-2.el8_2\",\n \"git-daemon-debuginfo-2.18.4-2.el8_2\",\n \"git-debuginfo-2.18.4-2.el8_2\",\n \"git-debugsource-2.18.4-2.el8_2\",\n \"git-email-2.18.4-2.el8_2\",\n \"git-gui-2.18.4-2.el8_2\",\n \"git-instaweb-2.18.4-2.el8_2\",\n \"git-subtree-2.18.4-2.el8_2\",\n \"git-svn-2.18.4-2.el8_2\",\n \"git-svn-debuginfo-2.18.4-2.el8_2\",\n \"gitk-2.18.4-2.el8_2\",\n \"gitweb-2.18.4-2.el8_2\",\n \"perl-Git-2.18.4-2.el8_2\",\n \"perl-Git-SVN-2.18.4-2.el8_2\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-16T14:55:11", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1578)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1578.NASL", "href": "https://www.tenable.com/plugins/nessus/136856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136856);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1578)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1578\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?99e5c025\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h7.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:13:42", "description": "This update for git to 2.26.2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936).\n\nNon-security issue fixed :\n\nFixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).\n\nEnabled access for git-daemon in firewall configuration (bsc#1170302).\n\nFixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2020:1295-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1295-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136789", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1295-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136789);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2020:1295-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for git to 2.26.2 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the\ncredentials helper to providing credential information that is not\nappropriate for the protocol in use and host being contacted\n(bsc#1169936).\n\nNon-security issue fixed :\n\nFixed git-daemon not starting after conversion from sysvinit to\nsystemd service (bsc#1169605).\n\nEnabled access for git-daemon in firewall configuration (bsc#1170302).\n\nFixed problems with recent switch to protocol v2, which caused fetches\ntransferring unreasonable amount of data (bsc#1170741).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11008/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5260/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201295-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9976a388\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1295=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1295=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1295=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1295=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1295=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1295=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1295=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP1-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1295=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-1295=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1295=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1295=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-debuginfo-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-debugsource-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-debuginfo-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-debugsource-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-debuginfo-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-debugsource-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-debuginfo-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-debugsource-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-debuginfo-2.26.2-27.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-debugsource-2.26.2-27.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:15:02", "description": "According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-25T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1694)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1694.NASL", "href": "https://www.tenable.com/plugins/nessus/137801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137801);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11008\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1694)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12942ea4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h7.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:11:21", "description": "According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a 'git submodule update' operation can run commands found in the .gitmodules file of a malicious repository.(CVE-2019-19604)\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.(CVE-2019-1387)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.(CVE-2019-1354)\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as 'WSL') while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.(CVE-2019-1353)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.(CVE-2019-1352)\n\n - A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.(CVE-2019-1351)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.(CVE-2019-1350)\n\n - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.(CVE-2019-1349)\n\n - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.(CVE-2019-1348)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2020-1537)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-5260"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1537.NASL", "href": "https://www.tenable.com/plugins/nessus/136240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136240);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2019-1348\",\n \"CVE-2019-1349\",\n \"CVE-2019-1350\",\n \"CVE-2019-1351\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2019-1354\",\n \"CVE-2019-1387\",\n \"CVE-2019-19604\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2020-1537)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Arbitrary command execution is possible in Git before\n 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,\n 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because\n a 'git submodule update' operation can run commands\n found in the .gitmodules file of a malicious\n repository.(CVE-2019-19604)\n\n - An issue was found in Git before v2.24.1, v2.23.1,\n v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,\n v2.16.6, v2.15.4, and v2.14.6. Recursive clones are\n currently affected by a vulnerability that is caused by\n too-lax validation of submodule names, allowing very\n targeted attacks via remote code execution in recursive\n clones.(CVE-2019-1387)\n\n - A remote code execution vulnerability exists when Git\n for Visual Studio improperly sanitizes input, aka 'Git\n for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349,\n CVE-2019-1350, CVE-2019-1352,\n CVE-2019-1387.(CVE-2019-1354)\n\n - An issue was found in Git before v2.24.1, v2.23.1,\n v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,\n v2.16.6, v2.15.4, and v2.14.6. When running Git in the\n Windows Subsystem for Linux (also known as 'WSL') while\n accessing a working directory on a regular Windows\n drive, none of the NTFS protections were\n active.(CVE-2019-1353)\n\n - A remote code execution vulnerability exists when Git\n for Visual Studio improperly sanitizes input, aka 'Git\n for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349,\n CVE-2019-1350, CVE-2019-1354,\n CVE-2019-1387.(CVE-2019-1352)\n\n - A tampering vulnerability exists when Git for Visual\n Studio improperly handles virtual drive paths, aka 'Git\n for Visual Studio Tampering\n Vulnerability'.(CVE-2019-1351)\n\n - A remote code execution vulnerability exists when Git\n for Visual Studio improperly sanitizes input, aka 'Git\n for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1349,\n CVE-2019-1352, CVE-2019-1354,\n CVE-2019-1387.(CVE-2019-1350)\n\n - A remote code execution vulnerability exists when Git\n for Visual Studio improperly sanitizes input, aka 'Git\n for Visual Studio Remote Code Execution Vulnerability'.\n This CVE ID is unique from CVE-2019-1350,\n CVE-2019-1352, CVE-2019-1354,\n CVE-2019-1387.(CVE-2019-1349)\n\n - An issue was found in Git before v2.24.1, v2.23.1,\n v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,\n v2.16.6, v2.15.4, and v2.14.6. The --export-marks\n option of git fast-import is exposed also via the\n in-stream command feature export-marks=... and it\n allows overwriting arbitrary paths.(CVE-2019-1348)\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1537\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b998afa8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h8\",\n \"git-core-2.19.1-1.h8\",\n \"git-core-doc-2.19.1-1.h8\",\n \"perl-Git-2.19.1-1.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:10:31", "description": "This update for git fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\nFix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).\n\nCVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.2 :\n\nbug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0\n\nThe branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command;\nthis has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1 :\n\nCVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\nThe command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0 :\n\nThe '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option was given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\nA relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected.\n</repo></path>\n\n'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\nThe URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. </hex></hex>\n\n'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld.\n\npartial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0\n\nThe filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option </blob></path>\n\n'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\nThe completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop.\n\nMove to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format.\n\nupdate git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\nHistorically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\nadd shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\nportability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0\n\n'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'..\n\n'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\nMalformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\ngit 2.19.2 :\n\nvarious bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\nCVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. </format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0 :\n\nimprovements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\ngit 2.17.1\n\nSubmodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0 :\n\n'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object.\n</object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language source files.\n\n'git send-email' learned '--reply-to=<address>' option. </address>\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show').\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring", "p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:suse_linux:git-credential-libsecret", "p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-p4", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-svn-debuginfo", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1121-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1121-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2017-15298\",\n \"CVE-2018-11233\",\n \"CVE-2018-11235\",\n \"CVE-2018-17456\",\n \"CVE-2019-1348\",\n \"CVE-2019-1349\",\n \"CVE-2019-1350\",\n \"CVE-2019-1351\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2019-1354\",\n \"CVE-2019-1387\",\n \"CVE-2019-19604\",\n \"CVE-2020-5260\",\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-11008: Specially crafted URLs may have tricked the\ncredentials helper to providing credential information that is not\nappropriate for the protocol in use and host being contacted\n(bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\nFix git-daemon not starting after conversion from sysvinit to systemd\nservice (bsc#1169605).\n\nCVE-2020-5260: Specially crafted URLs with newline characters could\nhave been used to make the Git client to send credential information\nfor a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n'git rebase' now uses a different backend that is based on the 'merge'\nmachinery by default. The 'rebase.backend' configuration variable\nreverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.2 :\n\nbug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0\n\nThe branch description ('git branch --edit-description') has been used\nto fill the body of the cover letters by the format-patch command;\nthis has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or\na named file, instead of taking it as the command line arguments, with\nthe '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root\ndirectory, the directory rename heuristics would fail to detect that\nas a rename/merge of the subdirectory to the root directory, which has\nbeen corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has\nbeen corrected.\n\ngit 2.24.1 :\n\nCVE-2019-1348: The --export-marks option of fast-import is exposed\nalso via the in-stream command feature export-marks=... and it allows\noverwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively,\nunder certain circumstances Git could be fooled into using the same\nGit directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed\nremote code execution during a recursive clone in conjunction with SSH\nURLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the\nUS-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n(bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while\naccessing a working directory on a regular Windows drive, none of the\nNTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with\nfilenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by\ntoo-lax validation of submodule names, allowing very targeted attacks\nvia remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could\nexecute code contained within the repository without the user\nexplicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\nThe command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of\nconfiguration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first\nclone from their private fork they intend to push to, add the true\nupstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion\nfixes\n\ngit 2.23.0 :\n\nThe '--base' option of 'format-patch' computed the patch-ids for\nprerequisite patches in an unstable way, which has been updated to\ncompute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option\nwas given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\nA relative pathname given to 'git init --template=<path> <repo>' ought\nto be relative to the directory 'git init' gets invoked in, but it\ninstead was made relative to the repository, which has been corrected.\n</repo></path>\n\n'git worktree add' used to fail when another worktree connected to the\nsame repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if\nit were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the\nindex without creating the commit, and this cannot be countermanded by\nadding the '--commit' option; the command now refuses to work when\nboth options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull\nfrom in the local repository and in the published repository are\ndifferent.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are\nnecessary to complete delta in a thin packfile, which has been\ncorrected.\n\nThe URL decoding code has been updated to avoid going past the end of\nthe string while parsing %-<hex>-<hex> sequence. </hex></hex>\n\n'git clean' silently skipped a path when it cannot lstat() it; now it\ngives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message\n'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been\nreplaced by firewalld.\n\npartial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0\n\nThe filter specification '--filter=sparse:path=<path>' used to create\na lazy/partial clone has been removed. Using a blob that is part of\nthe project as sparse specification is still supported with the\n'--filter=sparse:oid=<blob>' option </blob></path>\n\n'git checkout --no-overlay' can be used to trigger a new mode of\nchecking out paths out of the tree-ish, that allows paths that match\nthe pathspec that are in the current index and working tree and are\nnot in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have\nbeen introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete\nmore subcommand parameters.\n\nThe completion helper code now pays attention to repository-local\nconfiguration (when available), which allows --list-cmds to honour a\nrepository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a\nconflicted merge was shown above the scissors line when the clean-up\nmode is set to 'scissors', even though it was commented out just like\nthe list of updated paths and other information to help the user\nexplain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD\ncorrectly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and\nthen mkdir', which is race-prone. This has been fixed by using mkdir\nand reacting to EEXIST in a loop.\n\nMove to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\nDocBook 4.5 format.\n\nupdate git-web AppArmor profile for bash and tar usrMerge\n(bsc#1132350)\n\ngit 2.21.0\n\nHistorically, the '-m' (mainline) option can only be used for 'git\ncherry-pick' and 'git revert' when working with a merge commit. This\nversion of Git no longer warns or errors out when working with a\nsingle-parent commit, as long as the argument to the '-m' option is 1\n(i.e. it has only one parent, and the request is to pick or revert\nrelative to that first parent). Scripts that relied on the behaviour\nmay get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent\nenough versions of cURL library to force the version of HTTP used to\ntalk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified\nrefname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on\nhow far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any\nexisting format) when the output is going to the pager or to the\nterminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\nadd shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\nportability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed\nto run a missing command\n\ngit 2.20.0\n\n'git help -a' now gives verbose output (same as 'git help -av'). Those\nwho want the old output may say 'git help --no-verbose -a'..\n\n'git send-email' learned to grab address-looking string on any trailer\nwhose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff'\noptions to explain the difference between this version and the\nprevious attempt in the cover letter (or after the three-dashes as a\ncomment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple\nworktree entries if the path was missing (for instance, was removed\nmanually). Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into\nmillion little pieces. This potentially allows each individual piece\nto be included into the manual page of the command it affects more\neasily.\n\nMalformed or crafted data in packstream can make our code attempt to\nread or write past the allocated buffer and abort, instead of\nreporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it\nshrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to\ncompletely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\ngit 2.19.2 :\n\nvarious bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\nCVE-2018-17456: Specially crafted .gitmodules files may have allowed\narbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n'git diff' compares the index and the working tree. For paths added\nwith intent-to-add bit, the command shows the full contents of them as\nadded, but the paths themselves were not marked as new files. They are\nnow shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise\nworking-tree-only application of a patch will add new paths to the\nindex marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line\nnumber but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for\n'--create-reflog', but many users, both old and new, somehow expect it\nto be something else, perhaps '--list'. This step warns when '-l' is\nused as a short-hand for '--create-reflog' and warns about the future\nrepurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends\nout by default was 8bit, which can cause trouble when there is an\noverlong line to bust RFC 5322/2822 limit. A new option 'auto' to\nautomatically switch to quoted-printable when there is such a line in\nthe payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor\ncheckout.defaultRemote when auto-vivifying a local branch out of a\nremote tracking branch in a repository with multiple remotes that have\ntracking branches that share the same names. (merge 8d7b558bae\nab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci\nstride in an attempt to cover wider swath of history with a smaller\nnumber of iterations, potentially accepting a larger packfile\ntransfer, instead of going back one commit a time during common\nancestor discovery during the 'git fetch' transaction. (merge\n42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added,\nprimarily to help server installations that want to ignore the replace\nmechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that\ncan be set to 'openpgp' or 'x509', and gpg.<format>.program that is\nused to specify what program to use to deal with the format) to allow\nx.509 certs with CMS via 'gpgsm' to be used instead of openpgp via\n'gnupg'. </format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should\ncontinue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad\nobjects from entering repository can be customized via receive.fsck.*\nconfiguration variables; we now have gained a counterpart to do the\nsame on the 'git fetch' side, with fetch.fsck.* configuration\nvariables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for\n'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on\nRedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us\ncompare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the\nbeginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the\n'branch.sort' configuration variable, just like 'git tag --list' pays\nattention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less\nverbose.\n\ngit 2.18.0 :\n\nimprovements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify\n'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\ngit 2.17.1\n\nSubmodule 'names' come from the untrusted .gitmodules file, but we\nblindly append them to $GIT_DIR/modules to create our on-disk repo\npaths. This means you can do bad things by putting '../' into the\nname. We now enforce some rules for submodule names which will cause\nGit to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS\ninto reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that\nattempt to create such problematic .gitmodules file etc. as tracked\ncontents, to help hosting sites protect their customers by preventing\nmalicious contents from spreading.\n\ngit 2.17.0 :\n\n'diff' family of commands learned '--find-object=<object-id>' option\nto limit the findings to changes that involve the named object.\n</object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is\nconsistent with other line length limits the subcommand uses for its\noutput meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one\nrelevant use case is to send the log to standard error (instead of\nsyslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing\n'--abort' option; having the pair mirrors a few other commands like\n'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like\n'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message\ngiven via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting\nrid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to\nget the diff being applied when 'git rebase' (and 'git am') stops with\na conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice,\neven there was only one hunk, which has been corrected. Also the\nsingle-key help is now given only for keys that are enabled (e.g. help\nfor '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the\nside branch being merged is a descendant of the current commit, create\na merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from\ntheir downstream contributors, but caused an unnecessary merges when\nused by downstream contributors who habitually 'catch up' their topic\nbranches with tagged releases from the upstream. Update 'git merge' to\ndefault to --no-ff only when merging a tag object that does *not* sit\nat its usual place in refs/tags/ hierarchy, and allow fast-forwarding\notherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between\nthe current branch and its upstream, which can now be disabled with\n'--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language\nsource files.\n\n'git send-email' learned '--reply-to=<address>' option. </address>\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting\nonly in the list mode, 'git config' learned to ignore the pager\nsetting when it is used for setting values (i.e. when the purpose of\nthe operation is not to 'show').\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-15298/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-11233/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-11235/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-17456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1348/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1349/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1350/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1351/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1352/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1353/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1354/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-1387/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19604/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11008/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-5260/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47879213\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-1121=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1121=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-arch-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-cvs-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debugsource-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-email-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-gui-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-p4-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-web-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"gitk-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-arch-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-core-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-credential-libsecret-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-cvs-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-debugsource-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-email-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-gui-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-p4-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-svn-debuginfo-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"git-web-2.26.1-3.25.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"gitk-2.26.1-3.25.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:13:01", "description": "This update for git fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605).\n\n - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n - 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\n - Improved handling of sparse checkouts\n\n - Improvements to many commands and internal features\n\ngit 2.25.2 :\n\n - bug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n - 'git commit' now honors advise.statusHints\n\n - various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n - The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled.\n\n - A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\n - Test updates to prepare for SHA-2 transition continues.\n\n - Redo 'git name-rev' to avoid recursive calls.\n\n - When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\n - HTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1 :\n\n - CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785)\n\n - CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\n - CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\n - CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\n - CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\n - CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\n - CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\n - CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\n - CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\ngit 2.24.0\n\n - The command line parser learned '--end-of-options' notation.\n\n - A mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n - 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\n - fixes and improvements to UI, workflow and features, bash completion fixes\n\ngit 2.23.0 :\n\n - The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n --stable'.\n\n - The 'git log' command by default behaves as if the\n --mailmap option was given.\n\n - fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n - A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected.\n\n - 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n - 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n - 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option;\n the command now refuses to work when both options are given.\n\n - Update to Unicode 12.1 width table.\n\n - 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n - 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\n - The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence.\n\n - 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n - 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected.\n\n - Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld.\n\n - partial fix for git instaweb giving 500 error (bsc#1112230)\n\ngit 2.22.0 \n\n - The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed.\n Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option\n\n - 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\n - Four new configuration variables (author,committer).(name,email) have been introduced to override user.(name,email) in more specific cases.\n\n - 'git branch' learned a new subcommand '--show-current'.\n\n - The command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\n - The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\n - The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n - 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n - 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. \n\n - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n - Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\n - Small fixes and features for fast-export and fast-import.\n\n - The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n - 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\n - Update 'git multimail' from the upstream.\n\n - A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n\n - add shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\n - portability fixes\n\n - 'git help -a' did not work well when an overly long alias was defined\n\n - no longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0\n\n - 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'..\n\n - 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n - 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\n - Developer builds now use -Wunused-function compilation option.\n\n - Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable.\n\n - The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\n - Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\n - Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n - 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n - ...and much more features and fixes\n\ngit 2.19.2 :\n\n - various bug fixes for multiple subcommands and operations\n\ngit 2.19.1 :\n\n - CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949)\n\ngit 2.19.0 :\n\n - 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default.\n\n - 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n - 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\n - The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used.\n\n - The userdiff pattern for .php has been updated.\n\n - The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n - 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n - 'git grep' learned the '--only-matching' option.\n\n - 'git rebase --rebase-merges' mode now handles octopus merges as well.\n\n - Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\n - A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\n - Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'.\n\n - Many more strings are prepared for l10n.\n\n - 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\n - The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables;\n we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n - 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n - 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n - 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\n - The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n - 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n - 'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0 :\n\n - improvements to rename detection logic\n\n - When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n - 'git mergetools' learned talking to guiffy.\n\n - various other workflow improvements and fixes\n\n - performance improvements and other developer visible fixes\n\ngit 2.17.1\n\n - Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\n - It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\n - Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0 :\n\n - 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object.\n\n - 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\n - The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n - 'git rebase' learned to take '--allow-empty-message' option.\n\n - 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n - 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n - 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n - 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\n - The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n - 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk).\n\n - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.\n even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n - 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n - 'git diff' and friends learned funcname patterns for Go language source files.\n\n - 'git send-email' learned '--reply-to=<address>' option.\n\n - Funcname pattern used for C# now recognizes 'async' keyword.\n\n - In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show').\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git (openSUSE-2020-598)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-598.NASL", "href": "https://www.tenable.com/plugins/nessus/136311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-598.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136311);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2017-15298\", \"CVE-2018-11233\", \"CVE-2018-11235\", \"CVE-2018-17456\", \"CVE-2019-1348\", \"CVE-2019-1349\", \"CVE-2019-1350\", \"CVE-2019-1351\", \"CVE-2019-1352\", \"CVE-2019-1353\", \"CVE-2019-1354\", \"CVE-2019-1387\", \"CVE-2019-19604\", \"CVE-2020-11008\", \"CVE-2020-5260\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2020-598)\");\n script_summary(english:\"Check for the openSUSE-2020-598 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for git fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-11008: Specially crafted URLs may have tricked\n the credentials helper to providing credential\n information that is not appropriate for the protocol in\n use and host being contacted (bsc#1169936)\n\ngit was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from\n sysvinit to systemd service (bsc#1169605).\n\n - CVE-2020-5260: Specially crafted URLs with newline\n characters could have been used to make the Git client\n to send credential information for a wrong host to the\n attacker's site bsc#1168930\n\ngit 2.26.0 (bsc#1167890, jsc#SLE-11608) :\n\n - 'git rebase' now uses a different backend that is based\n on the 'merge' machinery by default. The\n 'rebase.backend' configuration variable reverts to old\n behaviour when set to 'apply'\n\n - Improved handling of sparse checkouts\n\n - Improvements to many commands and internal features\n\ngit 2.25.2 :\n\n - bug fixes to various subcommands in specific operations\n\ngit 2.25.1 :\n\n - 'git commit' now honors advise.statusHints\n\n - various updates, bug fixes and documentation updates\n\ngit 2.25.0\n\n - The branch description ('git branch --edit-description')\n has been used to fill the body of the cover letters by\n the format-patch command; this has been enhanced so that\n the subject can also be filled.\n\n - A few commands learned to take the pathspec from the\n standard input or a named file, instead of taking it as\n the command line arguments, with the\n '--pathspec-from-file' option.\n\n - Test updates to prepare for SHA-2 transition continues.\n\n - Redo 'git name-rev' to avoid recursive calls.\n\n - When all files from some subdirectory were renamed to\n the root directory, the directory rename heuristics\n would fail to detect that as a rename/merge of the\n subdirectory to the root directory, which has been\n corrected.\n\n - HTTP transport had possible allocator/deallocator\n mismatch, which has been corrected.\n\ngit 2.24.1 :\n\n - CVE-2019-1348: The --export-marks option of fast-import\n is exposed also via the in-stream command feature\n export-marks=... and it allows overwriting arbitrary\n paths (bsc#1158785)\n\n - CVE-2019-1349: on Windows, when submodules are cloned\n recursively, under certain circumstances Git could be\n fooled into using the same Git directory twice\n (bsc#1158787)\n\n - CVE-2019-1350: Incorrect quoting of command-line\n arguments allowed remote code execution during a\n recursive clone in conjunction with SSH URLs\n (bsc#1158788)\n\n - CVE-2019-1351: on Windows mistakes drive letters outside\n of the US-English alphabet as relative paths\n (bsc#1158789)\n\n - CVE-2019-1352: on Windows was unaware of NTFS Alternate\n Data Streams (bsc#1158790)\n\n - CVE-2019-1353: when run in the Windows Subsystem for\n Linux while accessing a working directory on a regular\n Windows drive, none of the NTFS protections were active\n (bsc#1158791)\n\n - CVE-2019-1354: on Windows refuses to write tracked files\n with filenames that contain backslashes (bsc#1158792)\n\n - CVE-2019-1387: Recursive clones vulnerability that is\n caused by too-lax validation of submodule names,\n allowing very targeted attacks via remote code execution\n in recursive clones (bsc#1158793)\n\n - CVE-2019-19604: a recursive clone followed by a\n submodule update could execute code contained within the\n repository without the user explicitly having asked for\n that (bsc#1158795)\n\ngit 2.24.0\n\n - The command line parser learned '--end-of-options'\n notation.\n\n - A mechanism to affect the default setting for a\n (related) group of configuration variables is\n introduced.\n\n - 'git fetch' learned '--set-upstream' option to help\n those who first clone from their private fork they\n intend to push to, add the true upstream via 'git remote\n add' and then 'git fetch' from it.\n\n - fixes and improvements to UI, workflow and features,\n bash completion fixes\n\ngit 2.23.0 :\n\n - The '--base' option of 'format-patch' computed the\n patch-ids for prerequisite patches in an unstable way,\n which has been updated to compute in a way that is\n compatible with 'git patch-id\n\n --stable'.\n\n - The 'git log' command by default behaves as if the\n --mailmap option was given.\n\n - fixes and improvements to UI, workflow and features\n\ngit 2.22.1\n\n - A relative pathname given to 'git init --template=<path>\n <repo>' ought to be relative to the directory 'git init'\n gets invoked in, but it instead was made relative to the\n repository, which has been corrected.\n\n - 'git worktree add' used to fail when another worktree\n connected to the same repository was corrupt, which has\n been corrected.\n\n - 'git am -i --resolved' segfaulted after trying to see a\n commit as if it were a tree, which has been corrected.\n\n - 'git merge --squash' is designed to update the working\n tree and the index without creating the commit, and this\n cannot be countermanded by adding the '--commit' option;\n the command now refuses to work when both options are\n given.\n\n - Update to Unicode 12.1 width table.\n\n - 'git request-pull' learned to warn when the ref we ask\n them to pull from in the local repository and in the\n published repository are different.\n\n - 'git fetch' into a lazy clone forgot to fetch base\n objects that are necessary to complete delta in a thin\n packfile, which has been corrected.\n\n - The URL decoding code has been updated to avoid going\n past the end of the string while parsing %-<hex>-<hex>\n sequence.\n\n - 'git clean' silently skipped a path when it cannot\n lstat() it; now it gives a warning.\n\n - 'git rm' to resolve a conflicted path leaked an internal\n message 'needs merge' before actually removing the path,\n which was confusing. This has been corrected.\n\n - Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2\n has been replaced by firewalld.\n\n - partial fix for git instaweb giving 500 error\n (bsc#1112230)\n\ngit 2.22.0 \n\n - The filter specification '--filter=sparse:path=<path>'\n used to create a lazy/partial clone has been removed.\n Using a blob that is part of the project as sparse\n specification is still supported with the\n '--filter=sparse:oid=<blob>' option\n\n - 'git checkout --no-overlay' can be used to trigger a new\n mode of checking out paths out of the tree-ish, that\n allows paths that match the pathspec that are in the\n current index and working tree and are not in the\n tree-ish.\n\n - Four new configuration variables\n (author,committer).(name,email) have been introduced to\n override user.(name,email) in more specific cases.\n\n - 'git branch' learned a new subcommand '--show-current'.\n\n - The command line completion (in contrib/) has been\n taught to complete more subcommand parameters.\n\n - The completion helper code now pays attention to\n repository-local configuration (when available), which\n allows --list-cmds to honour a repository specific\n setting of completion.commands, for example.\n\n - The list of conflicted paths shown in the editor while\n concluding a conflicted merge was shown above the\n scissors line when the clean-up mode is set to\n 'scissors', even though it was commented out just like\n the list of updated paths and other information to help\n the user explain the merge better.\n\n - 'git rebase' that was reimplemented in C did not set\n ORIG_HEAD correctly, which has been corrected.\n\n - 'git worktree add' used to do a 'find an available name\n with stat and then mkdir', which is race-prone. This has\n been fixed by using mkdir and reacting to EEXIST in a\n loop. \n\n - Move to DocBook 5.x. Asciidoctor 2.x no longer supports\n the legacy DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar\n usrMerge (bsc#1132350)\n\ngit 2.21.0\n\n - Historically, the '-m' (mainline) option can only be\n used for 'git cherry-pick' and 'git revert' when working\n with a merge commit. This version of Git no longer warns\n or errors out when working with a single-parent commit,\n as long as the argument to the '-m' option is 1 (i.e. it\n has only one parent, and the request is to pick or\n revert relative to that first parent). Scripts that\n relied on the behaviour may get broken with this change.\n\n - Small fixes and features for fast-export and\n fast-import.\n\n - The 'http.version' configuration variable can be used\n with recent enough versions of cURL library to force the\n version of HTTP used to talk when fetching and pushing.\n\n - 'git push $there $src:$dst' rejects when $dst is not a\n fully qualified refname and it is not clear what the end\n user meant.\n\n - Update 'git multimail' from the upstream.\n\n - A new date format '--date=human' that morphs its output\n depending on how far the time is from the current time\n has been introduced. '--date=auto:human' can be used to\n use this new format (or any existing format) when the\n output is going to the pager or to the terminal, and\n otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n\n - add shadow build dependency to the -daemon subpackage.\n\ngit 2.20.1 :\n\n - portability fixes\n\n - 'git help -a' did not work well when an overly long\n alias was defined\n\n - no longer squelched an error message when the\n run_command API failed to run a missing command\n\ngit 2.20.0\n\n - 'git help -a' now gives verbose output (same as 'git\n help -av'). Those who want the old output may say 'git\n help --no-verbose -a'..\n\n - 'git send-email' learned to grab address-looking string\n on any trailer whose name ends with '-by'.\n\n - 'git format-patch' learned new '--interdiff' and\n '--range-diff' options to explain the difference between\n this version and the previous attempt in the cover\n letter (or after the three-dashes as a comment).\n\n - Developer builds now use -Wunused-function compilation\n option.\n\n - Fix a bug in which the same path could be registered\n under multiple worktree entries if the path was missing\n (for instance, was removed manually). Also, as a\n convenience, expand the number of cases in which --force\n is applicable.\n\n - The overly large Documentation/config.txt file have been\n split into million little pieces. This potentially\n allows each individual piece to be included into the\n manual page of the command it affects more easily.\n\n - Malformed or crafted data in packstream can make our\n code attempt to read or write past the allocated buffer\n and abort, instead of reporting an error, which has been\n fixed.\n\n - Fix for a long-standing bug that leaves the index file\n corrupt when it shrinks during a partial commit.\n\n - 'git merge' and 'git pull' that merges into an unborn\n branch used to completely ignore '--verify-signatures',\n which has been corrected.\n\n - ...and much more features and fixes\n\ngit 2.19.2 :\n\n - various bug fixes for multiple subcommands and\n operations\n\ngit 2.19.1 :\n\n - CVE-2018-17456: Specially crafted .gitmodules files may\n have allowed arbitrary code execution when the\n repository is cloned with --recurse-submodules\n (bsc#1110949)\n\ngit 2.19.0 :\n\n - 'git diff' compares the index and the working tree. For\n paths added with intent-to-add bit, the command shows\n the full contents of them as added, but the paths\n themselves were not marked as new files. They are now\n shown as new by default.\n\n - 'git apply' learned the '--intent-to-add' option so that\n an otherwise working-tree-only application of a patch\n will add new paths to the index marked with the\n 'intent-to-add' bit.\n\n - 'git grep' learned the '--column' option that gives not\n just the line number but the column number of the hit.\n\n - The '-l' option in 'git branch -l' is an unfortunate\n short-hand for '--create-reflog', but many users, both\n old and new, somehow expect it to be something else,\n perhaps '--list'. This step warns when '-l' is used as a\n short-hand for '--create-reflog' and warns about the\n future repurposing of the it when it is used.\n\n - The userdiff pattern for .php has been updated.\n\n - The content-transfer-encoding of the message 'git\n send-email' sends out by default was 8bit, which can\n cause trouble when there is an overlong line to bust RFC\n 5322/2822 limit. A new option 'auto' to automatically\n switch to quoted-printable when there is such a line in\n the payload has been introduced and is made the default.\n\n - 'git checkout' and 'git worktree add' learned to honor\n checkout.defaultRemote when auto-vivifying a local\n branch out of a remote tracking branch in a repository\n with multiple remotes that have tracking branches that\n share the same names. (merge 8d7b558bae\n ab/checkout-default-remote later to maint).\n\n - 'git grep' learned the '--only-matching' option.\n\n - 'git rebase --rebase-merges' mode now handles octopus\n merges as well.\n\n - Add a server-side knob to skip commits in\n exponential/fibbonacci stride in an attempt to cover\n wider swath of history with a smaller number of\n iterations, potentially accepting a larger packfile\n transfer, instead of going back one commit a time during\n common ancestor discovery during the 'git fetch'\n transaction. (merge 42cc7485a2\n jt/fetch-negotiator-skipping later to maint).\n\n - A new configuration variable core.usereplacerefs has\n been added, primarily to help server installations that\n want to ignore the replace mechanism altogether.\n\n - Teach 'git tag -s' etc. a few configuration variables\n (gpg.format that can be set to 'openpgp' or 'x509', and\n gpg.<format>.program that is used to specify what\n program to use to deal with the format) to allow x.509\n certs with CMS via 'gpgsm' to be used instead of openpgp\n via 'gnupg'.\n\n - Many more strings are prepared for l10n.\n\n - 'git p4 submit' learns to ask its own pre-submit hook if\n it should continue with submitting.\n\n - The test performed at the receiving end of 'git push' to\n prevent bad objects from entering repository can be\n customized via receive.fsck.* configuration variables;\n we now have gained a counterpart to do the same on the\n 'git fetch' side, with fetch.fsck.* configuration\n variables.\n\n - 'git pull --rebase=interactive' learned 'i' as a\n short-hand for 'interactive'.\n\n - 'git instaweb' has been adjusted to run better with\n newer Apache on RedHat based distros.\n\n - 'git range-diff' is a reimplementation of 'git tbdiff'\n that lets us compare individual patches in two\n iterations of a topic.\n\n - The sideband code learned to optionally paint selected\n keywords at the beginning of incoming lines on the\n receiving end.\n\n - 'git branch --list' learned to take the default sort\n order from the 'branch.sort' configuration variable,\n just like 'git tag --list' pays attention to 'tag.sort'.\n\n - 'git worktree' command learned '--quiet' option to make\n it less verbose.\n\ngit 2.18.0 :\n\n - improvements to rename detection logic\n\n - When built with more recent cURL, GIT_SSL_VERSION can\n now specify 'tlsv1.3' as its value.\n\n - 'git mergetools' learned talking to guiffy.\n\n - various other workflow improvements and fixes\n\n - performance improvements and other developer visible\n fixes\n\ngit 2.17.1\n\n - Submodule 'names' come from the untrusted .gitmodules\n file, but we blindly append them to $GIT_DIR/modules to\n create our on-disk repo paths. This means you can do bad\n things by putting '../' into the name. We now enforce\n some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235,\n bsc#1095219)\n\n - It was possible to trick the code that sanity-checks\n paths on NTFS into reading random piece of memory\n (CVE-2018-11233, bsc#1095218)\n\n - Support on the server side to reject pushes to\n repositories that attempt to create such problematic\n .gitmodules file etc. as tracked contents, to help\n hosting sites protect their customers by preventing\n malicious contents from spreading.\n\ngit 2.17.0 :\n\n - 'diff' family of commands learned\n '--find-object=<object-id>' option to limit the findings\n to changes that involve the named object.\n\n - 'git format-patch' learned to give 72-cols to diffstat,\n which is consistent with other line length limits the\n subcommand uses for its output meant for e-mails.\n\n - The log from 'git daemon' can be redirected with a new\n option; one relevant use case is to send the log to\n standard error (instead of syslog) when running it from\n inetd.\n\n - 'git rebase' learned to take '--allow-empty-message'\n option.\n\n - 'git am' has learned the '--quit' option, in addition to\n the existing '--abort' option; having the pair mirrors a\n few other commands like 'rebase' and 'cherry-pick'.\n\n - 'git worktree add' learned to run the post-checkout\n hook, just like 'git clone' runs it upon the initial\n checkout.\n\n - 'git tag' learned an explicit '--edit' option that\n allows the message given via '-m' and '-F' to be further\n edited.\n\n - 'git fetch --prune-tags' may be used as a handy\n short-hand for getting rid of stale tags that are\n locally held.\n\n - The new '--show-current-patch' option gives an end-user\n facing way to get the diff being applied when 'git\n rebase' (and 'git am') stops with a conflict.\n\n - 'git add -p' used to offer '/' (look for a matching\n hunk) as a choice, even there was only one hunk, which\n has been corrected. Also the single-key help is now\n given only for keys that are enabled (e.g. help for '/'\n won't be shown when there is only one hunk).\n\n - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.\n even when the side branch being merged is a descendant\n of the current commit, create a merge commit instead of\n fast-forwarding) when merging a tag object. This was\n appropriate default for integrators who pull signed tags\n from their downstream contributors, but caused an\n unnecessary merges when used by downstream contributors\n who habitually 'catch up' their topic branches with\n tagged releases from the upstream. Update 'git merge' to\n default to --no-ff only when merging a tag object that\n does *not* sit at its usual place in refs/tags/\n hierarchy, and allow fast-forwarding otherwise, to\n mitigate the problem.\n\n - 'git status' can spend a lot of cycles to compute the\n relation between the current branch and its upstream,\n which can now be disabled with '--no-ahead-behind'\n option.\n\n - 'git diff' and friends learned funcname patterns for Go\n language source files.\n\n - 'git send-email' learned '--reply-to=<address>' option.\n\n - Funcname pattern used for C# now recognizes 'async'\n keyword.\n\n - In a way similar to how 'git tag' learned to honor the\n pager setting only in the list mode, 'git config'\n learned to ignore the pager setting when it is used for\n setting values (i.e. when the purpose of the operation\n is not to 'show').\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169936\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-arch-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-core-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-libsecret-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-credential-libsecret-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-cvs-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-daemon-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-debugsource-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-email-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-gui-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-p4-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-svn-debuginfo-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"git-web-2.26.1-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"gitk-2.26.1-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:10:33", "description": "This update for git fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930).\n\nNon-security issue fixed :\n\ngit was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed\n\nthe System V init script for the git-daemon was replaced by a systemd service file of the same name.\n\ngit 2.26.0: 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.1: 'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0: The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled.\n\nA few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has been corrected.\n\ngit 2.24.1: CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795)\n\nFix building with asciidoctor and without DocBook4 stylesheets.\n\ngit 2.24.0 The command line parser learned '--end-of-options' notation.\n\nA mechanism to affect the default setting for a (related) group of configuration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion fixes\n\npart of it merged upstream\n\nthe Makefile attempted to download some documentation, banned\n\ngit 2.23.0: The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option was given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1: A relative pathname given to 'git init\n--template=<path><repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. </repo></path>\n\n'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected.\n\nThe URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. </hex></hex>\n\n'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]:\nhttps://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\n\ngit 2.22.0: The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option </blob></path>\n\n'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete more subcommand parameters.\n\nThe completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop.\n\nupdate git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\ngit 2.21.0: Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\ngit 2.20.1: portability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed to run a missing command\n\ngit 2.20.0: 'git help -a' now gives verbose output (same as 'git help\n-av'). Those who want the old output may say 'git help --no-verbose\n-a'..\n\n'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily.\n\nMalformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\nfix CVE-2018-19486 (bsc#1117257)\n\ngit 2.19.2: various bug fixes for multiple subcommands and operations\n\ngit 2.19.1: CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0: 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line number but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. </format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less verbose.\n\ngit 2.18.0: improvements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\nUpdate to git 2.16.4: security fix release\n\ngit 2.17.1: Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading.\n\ngit 2.17.0: 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. </object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language source files.\n\n'git send-email' learned '--reply-to=<address>' option. </address>\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show').\n\nUse %license instead of %doc [bsc#1082318]\n\ngit 2.16.3: 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly.\n\n'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text.\n</message>\n\nWhen resetting the working tree files recursively, the working tree of submodules are now also reset to match.\n\nFix for a commented-out code to adjust it to a rather old API change around object ID.\n\nWhen there are too many changed paths, 'git diff' showed a warning message but in the middle of a line.\n\nThe http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable.\n\nCrash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on.\n\nThe split-index mode had a few corner case bugs fixed.\n\nAssorted fixes to 'git daemon'.\n\nCompletion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. </strategy>\n\nWorkaround for segfault with more recent versions of SVN.\n\nRecently introduced leaks in fsck have been plugged.\n\nTravis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's).\n\nDrop superfluous xinetd snippet, no longer used (bsc#1084460)\n\nBuild with asciidoctor for the recent distros (bsc#1075764)\n\nMove %{?systemd_requires} to daemon subpackage\n\nCreate subpackage for libsecret credential helper.\n\ngit 2.16.2: An old regression in 'git describe --all $annotated_tag^0' has been fixed.\n\n'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set.\n\n'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link.\n\n'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation.\n\n'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected.\n</pathspec>\n\n'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway.\n\ngit 2.16.1: 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem\n\ngit 2.16.0 (CVE-2017-15298, bsc#1063412): See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.tx t\n\ngit 2.15.1: fix 'auto' column output\n\nfixes to moved lines diffing\n\ndocumentation updates\n\nfix use of repositories immediately under the root directory\n\nimprove usage of libsecret\n\nfixes to various error conditions in git commands\n\nRewrite from sysv init to systemd unit file for git-daemon (bsc#1069803)\n\nReplace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468)\n\nsplit off p4 to a subpackage (bsc#1067502)\n\nBuild with the external libsha1detectcoll (bsc#1042644)\n\ngit 2.15.0: Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16\n\nGit now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed)\n\n'branch --set-upstream' was retired, deprecated since 1.8\n\nmany other improvements and updates\n\ngit 2.14.3: git send-email understands more cc: formats\n\nfixes so gitk --bisect\n\ngit commit-tree fixed to handle -F file alike\n\nPrevent segfault in 'git cat-file --textconv'\n\nFix function header parsing for HTML\n\nVarious small fixes to user commands and and internal functions\n\ngit 2.14.2: fixes to color output\n\nhttp.{sslkey,sslCert} now interpret '~[username]/' prefix\n\nfixes to walking of reflogs via 'log -g' and friends\n\nvarious fixes to output correctness\n\n'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules\n\n'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules.\n\n'git svn --localtime' correctness fixes\n\n'git grep -L' and 'git grep --quiet -L' now report same exit code\n\nfixes to 'git apply' when converting line endings\n\nVarious Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041\n\n'git cvsserver' no longer is invoked by 'git daemon' by default\n\ngit 2.14.1 (bsc#1052481): Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone\n--recurse-submodules' to trigger the vulnerability.\n\nA 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage).\n\nSimilarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage).\n\nIn the same spirit, a repository name that begins with a dash '-' is also forbidden now.\n\ngit 2.14.0: Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.'\n\nAvoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository\n\n'indent heuristics' are now the default.\n\nBuilds with pcre2\n\nMany bug fixes, improvements and updates\n\ngit 2.13.4: Update the character width tables.\n\nFix an alias that contained an uppercase letter\n\nProgress meter fixes\n\ngit gc concurrency fixes\n\ngit 2.13.3: various internal bug fixes\n\nFix a regression to 'git rebase -i'\n\nCorrect unaligned 32-bit access in pack-bitmap code\n\nTighten error checks for invalid 'git apply' input\n\nThe split index code did not honor core.sharedrepository setting correctly\n\nFix 'git branch --list' handling of color.branch.local\n\ngit 2.13.2: 'collision detecting' SHA-1 update for platform fixes\n\n'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules.\n\nThe 'run-command' API implementation has been made more robust against dead-locking in a threaded environment.\n\n'git clean -d' now only cleans ignored files with '-x'\n\n'git status --ignored' did not list ignored and untracked files without '-uall'\n\n'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream.\n\n'git describe --contains' gives as much weight to lightweight tags as annotated tags\n\nFix 'git stash push <pathspec>' from a subdirectory </pathspec>\n\ngit 2.13.1: Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected.\n\ncorrections to documentation and command help output\n\ngarbage collection fixes\n\nmemory leaks fixed\n\nreceive-pack now makes sure that the push certificate records the same set of push options used for pushing\n\nshell completion corrections for git stash\n\nfix 'git clone --config var=val' with empty strings\n\ninternal efficiency improvements\n\nUpdate sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches\n\nFix packaging of documentation\n\ngit 2.13.0: empty string as a pathspec element for 'everything matches' is still warned, for future removal.\n\ndeprecated argument order 'git merge <msg> HEAD <commit>...' was removed </commit></msg>\n\ndefault location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'.\n\nnow avoid blindly falling back to '.git' when the setup sequence indicated otherwise\n\nmany workflow features, improvements and bug fixes\n\nadd a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640)\n\nCVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395)\n\nChanges in pcre2: Include the libraries, development and tools packages.\n\ngit uses only libpcre2-8 so far, but this allows further application usage of pcre2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4900", "CVE-2017-1000117", "CVE-2017-14867", "CVE-2017-15298", "CVE-2017-8386", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2018-19486", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-5260"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:libpcre2-16", "p-cpe:/a:novell:suse_linux:libpcre2-16-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-32", "p-cpe:/a:novell:suse_linux:libpcre2-32-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-8", "p-cpe:/a:novell:suse_linux:libpcre2-8-0-debuginfo", "p-cpe:/a:novell:suse_linux:libpcre2-posix2", "p-cpe:/a:novell:suse_linux:libpcre2-posix2-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135580", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0992-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135580);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2005-4900\",\n \"CVE-2017-8386\",\n \"CVE-2017-14867\",\n \"CVE-2017-15298\",\n \"CVE-2017-1000117\",\n \"CVE-2018-11233\",\n \"CVE-2018-11235\",\n \"CVE-2018-17456\",\n \"CVE-2018-19486\",\n \"CVE-2019-1348\",\n \"CVE-2019-1349\",\n \"CVE-2019-1350\",\n \"CVE-2019-1351\",\n \"CVE-2019-1352\",\n \"CVE-2019-1353\",\n \"CVE-2019-1354\",\n \"CVE-2019-1387\",\n \"CVE-2019-19604\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2020-5260: With a crafted URL that contains a newline in it, the\ncredential helper machinery can be fooled to give credential\ninformation for a wrong host (bsc#1168930).\n\nNon-security issue fixed :\n\ngit was updated to 2.26.0 for SHA256 support (bsc#1167890,\njsc#SLE-11608): the xinetd snippet was removed\n\nthe System V init script for the git-daemon was replaced by a systemd\nservice file of the same name.\n\ngit 2.26.0: 'git rebase' now uses a different backend that is based on\nthe 'merge' machinery by default. The 'rebase.backend' configuration\nvariable reverts to old behaviour when set to 'apply'\n\nImproved handling of sparse checkouts\n\nImprovements to many commands and internal features\n\ngit 2.25.1: 'git commit' now honors advise.statusHints\n\nvarious updates, bug fixes and documentation updates\n\ngit 2.25.0: The branch description ('git branch --edit-description')\nhas been used to fill the body of the cover letters by the\nformat-patch command; this has been enhanced so that the subject can\nalso be filled.\n\nA few commands learned to take the pathspec from the standard input or\na named file, instead of taking it as the command line arguments, with\nthe '--pathspec-from-file' option.\n\nTest updates to prepare for SHA-2 transition continues.\n\nRedo 'git name-rev' to avoid recursive calls.\n\nWhen all files from some subdirectory were renamed to the root\ndirectory, the directory rename heuristics would fail to detect that\nas a rename/merge of the subdirectory to the root directory, which has\nbeen corrected.\n\nHTTP transport had possible allocator/deallocator mismatch, which has\nbeen corrected.\n\ngit 2.24.1: CVE-2019-1348: The --export-marks option of fast-import is\nexposed also via the in-stream command feature export-marks=... and it\nallows overwriting arbitrary paths (bsc#1158785)\n\nCVE-2019-1349: on Windows, when submodules are cloned recursively,\nunder certain circumstances Git could be fooled into using the same\nGit directory twice (bsc#1158787)\n\nCVE-2019-1350: Incorrect quoting of command-line arguments allowed\nremote code execution during a recursive clone in conjunction with SSH\nURLs (bsc#1158788)\n\nCVE-2019-1351: on Windows mistakes drive letters outside of the\nUS-English alphabet as relative paths (bsc#1158789)\n\nCVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n(bsc#1158790)\n\nCVE-2019-1353: when run in the Windows Subsystem for Linux while\naccessing a working directory on a regular Windows drive, none of the\nNTFS protections were active (bsc#1158791)\n\nCVE-2019-1354: on Windows refuses to write tracked files with\nfilenames that contain backslashes (bsc#1158792)\n\nCVE-2019-1387: Recursive clones vulnerability that is caused by\ntoo-lax validation of submodule names, allowing very targeted attacks\nvia remote code execution in recursive clones (bsc#1158793)\n\nCVE-2019-19604: a recursive clone followed by a submodule update could\nexecute code contained within the repository without the user\nexplicitly having asked for that (bsc#1158795)\n\nFix building with asciidoctor and without DocBook4 stylesheets.\n\ngit 2.24.0 The command line parser learned '--end-of-options'\nnotation.\n\nA mechanism to affect the default setting for a (related) group of\nconfiguration variables is introduced.\n\n'git fetch' learned '--set-upstream' option to help those who first\nclone from their private fork they intend to push to, add the true\nupstream via 'git remote add' and then 'git fetch' from it.\n\nfixes and improvements to UI, workflow and features, bash completion\nfixes\n\npart of it merged upstream\n\nthe Makefile attempted to download some documentation, banned\n\ngit 2.23.0: The '--base' option of 'format-patch' computed the\npatch-ids for prerequisite patches in an unstable way, which has been\nupdated to compute in a way that is compatible with 'git patch-id\n\n--stable'.\n\nThe 'git log' command by default behaves as if the --mailmap option\nwas given.\n\nfixes and improvements to UI, workflow and features\n\ngit 2.22.1: A relative pathname given to 'git init\n--template=<path><repo>' ought to be relative to the directory 'git\ninit' gets invoked in, but it instead was made relative to the\nrepository, which has been corrected. </repo></path>\n\n'git worktree add' used to fail when another worktree connected to the\nsame repository was corrupt, which has been corrected.\n\n'git am -i --resolved' segfaulted after trying to see a commit as if\nit were a tree, which has been corrected.\n\n'git merge --squash' is designed to update the working tree and the\nindex without creating the commit, and this cannot be countermanded by\nadding the '--commit' option; the command now refuses to work when\nboth options are given.\n\nUpdate to Unicode 12.1 width table.\n\n'git request-pull' learned to warn when the ref we ask them to pull\nfrom in the local repository and in the published repository are\ndifferent.\n\n'git fetch' into a lazy clone forgot to fetch base objects that are\nnecessary to complete delta in a thin packfile, which has been\ncorrected.\n\nThe URL decoding code has been updated to avoid going past the end of\nthe string while parsing %-<hex>-<hex> sequence. </hex></hex>\n\n'git clean' silently skipped a path when it cannot lstat() it; now it\ngives a warning.\n\n'git rm' to resolve a conflicted path leaked an internal message\n'needs merge' before actually removing the path, which was confusing.\nThis has been corrected.\n\nMany more bugfixes and code cleanups.\n\nremoval of SuSEfirewall2 service, since SuSEfirewall2 has been\nreplaced by firewalld, see [1]. [1]:\nhttps://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\n\ngit 2.22.0: The filter specification '--filter=sparse:path=<path>'\nused to create a lazy/partial clone has been removed. Using a blob\nthat is part of the project as sparse specification is still supported\nwith the '--filter=sparse:oid=<blob>' option </blob></path>\n\n'git checkout --no-overlay' can be used to trigger a new mode of\nchecking out paths out of the tree-ish, that allows paths that match\nthe pathspec that are in the current index and working tree and are\nnot in the tree-ish.\n\nFour new configuration variables {author,committer}.{name,email} have\nbeen introduced to override user.{name,email} in more specific cases.\n\n'git branch' learned a new subcommand '--show-current'.\n\nThe command line completion (in contrib/) has been taught to complete\nmore subcommand parameters.\n\nThe completion helper code now pays attention to repository-local\nconfiguration (when available), which allows --list-cmds to honour a\nrepository specific setting of completion.commands, for example.\n\nThe list of conflicted paths shown in the editor while concluding a\nconflicted merge was shown above the scissors line when the clean-up\nmode is set to 'scissors', even though it was commented out just like\nthe list of updated paths and other information to help the user\nexplain the merge better.\n\n'git rebase' that was reimplemented in C did not set ORIG_HEAD\ncorrectly, which has been corrected.\n\n'git worktree add' used to do a 'find an available name with stat and\nthen mkdir', which is race-prone. This has been fixed by using mkdir\nand reacting to EEXIST in a loop.\n\nupdate git-web AppArmor profile for bash and tar usrMerge\n(bsc#1132350)\n\ngit 2.21.0: Historically, the '-m' (mainline) option can only be used\nfor 'git cherry-pick' and 'git revert' when working with a merge\ncommit. This version of Git no longer warns or errors out when working\nwith a single-parent commit, as long as the argument to the '-m'\noption is 1 (i.e. it has only one parent, and the request is to pick\nor revert relative to that first parent). Scripts that relied on the\nbehaviour may get broken with this change.\n\nSmall fixes and features for fast-export and fast-import.\n\nThe 'http.version' configuration variable can be used with recent\nenough versions of cURL library to force the version of HTTP used to\ntalk when fetching and pushing.\n\n'git push $there $src:$dst' rejects when $dst is not a fully qualified\nrefname and it is not clear what the end user meant.\n\nUpdate 'git multimail' from the upstream.\n\nA new date format '--date=human' that morphs its output depending on\nhow far the time is from the current time has been introduced.\n'--date=auto:human' can be used to use this new format (or any\nexisting format) when the output is going to the pager or to the\nterminal, and otherwise the default format.\n\nFix worktree creation race (bsc#1114225).\n\ngit 2.20.1: portability fixes\n\n'git help -a' did not work well when an overly long alias was defined\n\nno longer squelched an error message when the run_command API failed\nto run a missing command\n\ngit 2.20.0: 'git help -a' now gives verbose output (same as 'git help\n-av'). Those who want the old output may say 'git help --no-verbose\n-a'..\n\n'git send-email' learned to grab address-looking string on any trailer\nwhose name ends with '-by'.\n\n'git format-patch' learned new '--interdiff' and '--range-diff'\noptions to explain the difference between this version and the\nprevious attempt in the cover letter (or after the three-dashes as a\ncomment).\n\nDeveloper builds now use -Wunused-function compilation option.\n\nFix a bug in which the same path could be registered under multiple\nworktree entries if the path was missing (for instance, was removed\nmanually). Also, as a convenience, expand the number of cases in which\n\n--force is applicable.\n\nThe overly large Documentation/config.txt file have been split into\nmillion little pieces. This potentially allows each individual piece\nto be included into the manual page of the command it affects more\neasily.\n\nMalformed or crafted data in packstream can make our code attempt to\nread or write past the allocated buffer and abort, instead of\nreporting an error, which has been fixed.\n\nFix for a long-standing bug that leaves the index file corrupt when it\nshrinks during a partial commit.\n\n'git merge' and 'git pull' that merges into an unborn branch used to\ncompletely ignore '--verify-signatures', which has been corrected.\n\n...and much more features and fixes\n\nfix CVE-2018-19486 (bsc#1117257)\n\ngit 2.19.2: various bug fixes for multiple subcommands and operations\n\ngit 2.19.1: CVE-2018-17456: Specially crafted .gitmodules files may\nhave allowed arbitrary code execution when the repository is cloned\nwith\n\n--recurse-submodules (bsc#1110949)\n\ngit 2.19.0: 'git diff' compares the index and the working tree. For\npaths added with intent-to-add bit, the command shows the full\ncontents of them as added, but the paths themselves were not marked as\nnew files. They are now shown as new by default.\n\n'git apply' learned the '--intent-to-add' option so that an otherwise\nworking-tree-only application of a patch will add new paths to the\nindex marked with the 'intent-to-add' bit.\n\n'git grep' learned the '--column' option that gives not just the line\nnumber but the column number of the hit.\n\nThe '-l' option in 'git branch -l' is an unfortunate short-hand for\n'--create-reflog', but many users, both old and new, somehow expect it\nto be something else, perhaps '--list'. This step warns when '-l' is\nused as a short-hand for '--create-reflog' and warns about the future\nrepurposing of the it when it is used.\n\nThe userdiff pattern for .php has been updated.\n\nThe content-transfer-encoding of the message 'git send-email' sends\nout by default was 8bit, which can cause trouble when there is an\noverlong line to bust RFC 5322/2822 limit. A new option 'auto' to\nautomatically switch to quoted-printable when there is such a line in\nthe payload has been introduced and is made the default.\n\n'git checkout' and 'git worktree add' learned to honor\ncheckout.defaultRemote when auto-vivifying a local branch out of a\nremote tracking branch in a repository with multiple remotes that have\ntracking branches that share the same names. (merge 8d7b558bae\nab/checkout-default-remote later to maint).\n\n'git grep' learned the '--only-matching' option.\n\n'git rebase --rebase-merges' mode now handles octopus merges as well.\n\nAdd a server-side knob to skip commits in exponential/fibbonacci\nstride in an attempt to cover wider swath of history with a smaller\nnumber of iterations, potentially accepting a larger packfile\ntransfer, instead of going back one commit a time during common\nancestor discovery during the 'git fetch' transaction. (merge\n42cc7485a2 jt/fetch-negotiator-skipping later to maint).\n\nA new configuration variable core.usereplacerefs has been added,\nprimarily to help server installations that want to ignore the replace\nmechanism altogether.\n\nTeach 'git tag -s' etc. a few configuration variables (gpg.format that\ncan be set to 'openpgp' or 'x509', and gpg.<format>.program that is\nused to specify what program to use to deal with the format) to allow\nx.509 certs with CMS via 'gpgsm' to be used instead of openpgp via\n'gnupg'. </format>\n\nMany more strings are prepared for l10n.\n\n'git p4 submit' learns to ask its own pre-submit hook if it should\ncontinue with submitting.\n\nThe test performed at the receiving end of 'git push' to prevent bad\nobjects from entering repository can be customized via receive.fsck.*\nconfiguration variables; we now have gained a counterpart to do the\nsame on the 'git fetch' side, with fetch.fsck.* configuration\nvariables.\n\n'git pull --rebase=interactive' learned 'i' as a short-hand for\n'interactive'.\n\n'git instaweb' has been adjusted to run better with newer Apache on\nRedHat based distros.\n\n'git range-diff' is a reimplementation of 'git tbdiff' that lets us\ncompare individual patches in two iterations of a topic.\n\nThe sideband code learned to optionally paint selected keywords at the\nbeginning of incoming lines on the receiving end.\n\n'git branch --list' learned to take the default sort order from the\n'branch.sort' configuration variable, just like 'git tag --list' pays\nattention to 'tag.sort'.\n\n'git worktree' command learned '--quiet' option to make it less\nverbose.\n\ngit 2.18.0: improvements to rename detection logic\n\nWhen built with more recent cURL, GIT_SSL_VERSION can now specify\n'tlsv1.3' as its value.\n\n'git mergetools' learned talking to guiffy.\n\nvarious other workflow improvements and fixes\n\nperformance improvements and other developer visible fixes\n\nUpdate to git 2.16.4: security fix release\n\ngit 2.17.1: Submodule 'names' come from the untrusted .gitmodules\nfile, but we blindly append them to $GIT_DIR/modules to create our\non-disk repo paths. This means you can do bad things by putting '../'\ninto the name. We now enforce some rules for submodule names which\nwill cause Git to ignore these malicious names (CVE-2018-11235,\nbsc#1095219)\n\nIt was possible to trick the code that sanity-checks paths on NTFS\ninto reading random piece of memory (CVE-2018-11233, bsc#1095218)\n\nSupport on the server side to reject pushes to repositories that\nattempt to create such problematic .gitmodules file etc. as tracked\ncontents, to help hosting sites protect their customers by preventing\nmalicious contents from spreading.\n\ngit 2.17.0: 'diff' family of commands learned\n'--find-object=<object-id>' option to limit the findings to changes\nthat involve the named object. </object-id>\n\n'git format-patch' learned to give 72-cols to diffstat, which is\nconsistent with other line length limits the subcommand uses for its\noutput meant for e-mails.\n\nThe log from 'git daemon' can be redirected with a new option; one\nrelevant use case is to send the log to standard error (instead of\nsyslog) when running it from inetd.\n\n'git rebase' learned to take '--allow-empty-message' option.\n\n'git am' has learned the '--quit' option, in addition to the existing\n'--abort' option; having the pair mirrors a few other commands like\n'rebase' and 'cherry-pick'.\n\n'git worktree add' learned to run the post-checkout hook, just like\n'git clone' runs it upon the initial checkout.\n\n'git tag' learned an explicit '--edit' option that allows the message\ngiven via '-m' and '-F' to be further edited.\n\n'git fetch --prune-tags' may be used as a handy short-hand for getting\nrid of stale tags that are locally held.\n\nThe new '--show-current-patch' option gives an end-user facing way to\nget the diff being applied when 'git rebase' (and 'git am') stops with\na conflict.\n\n'git add -p' used to offer '/' (look for a matching hunk) as a choice,\neven there was only one hunk, which has been corrected. Also the\nsingle-key help is now given only for keys that are enabled (e.g. help\nfor '/' won't be shown when there is only one hunk).\n\nSince Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the\nside branch being merged is a descendant of the current commit, create\na merge commit instead of fast-forwarding) when merging a tag object.\nThis was appropriate default for integrators who pull signed tags from\ntheir downstream contributors, but caused an unnecessary merges when\nused by downstream contributors who habitually 'catch up' their topic\nbranches with tagged releases from the upstream. Update 'git merge' to\ndefault to --no-ff only when merging a tag object that does *not* sit\nat its usual place in refs/tags/ hierarchy, and allow fast-forwarding\notherwise, to mitigate the problem.\n\n'git status' can spend a lot of cycles to compute the relation between\nthe current branch and its upstream, which can now be disabled with\n'--no-ahead-behind' option.\n\n'git diff' and friends learned funcname patterns for Go language\nsource files.\n\n'git send-email' learned '--reply-to=<address>' option. </address>\n\nFuncname pattern used for C# now recognizes 'async' keyword.\n\nIn a way similar to how 'git tag' learned to honor the pager setting\nonly in the list mode, 'git config' learned to ignore the pager\nsetting when it is used for setting values (i.e. when the purpose of\nthe operation is not to 'show').\n\nUse %license instead of %doc [bsc#1082318]\n\ngit 2.16.3: 'git status' after moving a path in the working tree\n(hence making it appear 'removed') and then adding with the -N option\n(hence making that appear 'added') detected it as a rename, but did\nnot report the old and new pathnames correctly.\n\n'git commit --fixup' did not allow '-m<message>' option to be used at\nthe same time; allow it to annotate resulting commit with more text.\n</message>\n\nWhen resetting the working tree files recursively, the working tree of\nsubmodules are now also reset to match.\n\nFix for a commented-out code to adjust it to a rather old API change\naround object ID.\n\nWhen there are too many changed paths, 'git diff' showed a warning\nmessage but in the middle of a line.\n\nThe http tracing code, often used to debug connection issues, learned\nto redact potentially sensitive information from its output so that it\ncan be more safely sharable.\n\nCrash fix for a corner case where an error codepath tried to unlock\nwhat it did not acquire lock on.\n\nThe split-index mode had a few corner case bugs fixed.\n\nAssorted fixes to 'git daemon'.\n\nCompletion of 'git merge -s<strategy>' (in contrib/) did not work well\nin non-C locale. </strategy>\n\nWorkaround for segfault with more recent versions of SVN.\n\nRecently introduced leaks in fsck have been plugged.\n\nTravis CI integration now builds the executable in 'script' phase to\nfollow the established practice, rather than during 'before_script'\nphase. This allows the CI categorize the failures better ('failed' is\nproject's fault, 'errored' is build environment's).\n\nDrop superfluous xinetd snippet, no longer used (bsc#1084460)\n\nBuild with asciidoctor for the recent distros (bsc#1075764)\n\nMove %{?systemd_requires} to daemon subpackage\n\nCreate subpackage for libsecret credential helper.\n\ngit 2.16.2: An old regression in 'git describe --all $annotated_tag^0'\nhas been fixed.\n\n'git svn dcommit' did not take into account the fact that a svn+ssh://\nURL with a username@ (typically used for pushing) refers to the same\nSVN repository without the username@ and failed when svn.pushmergeinfo\noption is set.\n\n'git merge -Xours/-Xtheirs' learned to use our/their version when\nresolving a conflicting updates to a symbolic link.\n\n'git clone $there $here' is allowed even when here directory exists as\nlong as it is an empty directory, but the command incorrectly removed\nit upon a failure of the operation.\n\n'git stash -- <pathspec>' incorrectly blew away untracked files in the\ndirectory that matched the pathspec, which has been corrected.\n</pathspec>\n\n'git add -p' was taught to ignore local changes to submodules as they\ndo not interfere with the partial addition of regular changes anyway.\n\ngit 2.16.1: 'git clone' segfaulted when cloning a project that happens\nto track two paths that differ only in case on a case insensitive\nfilesystem\n\ngit 2.16.0 (CVE-2017-15298, bsc#1063412): See\nhttps://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.tx\nt\n\ngit 2.15.1: fix 'auto' column output\n\nfixes to moved lines diffing\n\ndocumentation updates\n\nfix use of repositories immediately under the root directory\n\nimprove usage of libsecret\n\nfixes to various error conditions in git commands\n\nRewrite from sysv init to systemd unit file for git-daemon\n(bsc#1069803)\n\nReplace references to /var/adm/fillup-templates with new %_fillupdir\nmacro (bsc#1069468)\n\nsplit off p4 to a subpackage (bsc#1067502)\n\nBuild with the external libsha1detectcoll (bsc#1042644)\n\ngit 2.15.0: Use of an empty string as a pathspec element that is used\nfor 'everything matches' is still warned and Git asks users to use a\nmore explicit '.' for that instead. Removal scheduled for 2.16\n\nGit now avoids blindly falling back to '.git' when the setup sequence\nsaid we are _not_ in Git repository (another corner case removed)\n\n'branch --set-upstream' was retired, deprecated since 1.8\n\nmany other improvements and updates\n\ngit 2.14.3: git send-email understands more cc: formats\n\nfixes so gitk --bisect\n\ngit commit-tree fixed to handle -F file alike\n\nPrevent segfault in 'git cat-file --textconv'\n\nFix function header parsing for HTML\n\nVarious small fixes to user commands and and internal functions\n\ngit 2.14.2: fixes to color output\n\nhttp.{sslkey,sslCert} now interpret '~[username]/' prefix\n\nfixes to walking of reflogs via 'log -g' and friends\n\nvarious fixes to output correctness\n\n'git push --recurse-submodules $there HEAD:$target' is now propagated\ndown to the submodules\n\n'git clone --recurse-submodules --quiet' c$how propagates quiet option\ndown to submodules.\n\n'git svn --localtime' correctness fixes\n\n'git grep -L' and 'git grep --quiet -L' now report same exit code\n\nfixes to 'git apply' when converting line endings\n\nVarious Perl scripts did not use safe_pipe_capture() instead of\nbackticks, leaving them susceptible to end-user input. CVE-2017-14867\nbsc#1061041\n\n'git cvsserver' no longer is invoked by 'git daemon' by default\n\ngit 2.14.1 (bsc#1052481): Security fix for CVE-2017-1000117: A\nmalicious third-party can give a crafted 'ssh://...' URL to an\nunsuspecting victim, and an attempt to visit the URL can result in any\nprogram that exists on the victim's machine being executed. Such a URL\ncould be placed in the .gitmodules file of a malicious project, and an\nunsuspecting victim could be tricked into running 'git clone\n--recurse-submodules' to trigger the vulnerability.\n\nA 'ssh://...' URL can result in a 'ssh' command line with a hostname\nthat begins with a dash '-', which would cause the 'ssh' command to\ninstead (mis)treat it as an option. This is now prevented by\nforbidding such a hostname (which should not impact any real-world\nusage).\n\nSimilarly, when GIT_PROXY_COMMAND is configured, the command is run\nwith host and port that are parsed out from 'ssh://...' URL; a poorly\nwritten GIT_PROXY_COMMAND could be tricked into treating a string that\nbegins with a dash '-' as an option. This is now prevented by\nforbidding such a hostname and port number (again, which should not\nimpact any real-world usage).\n\nIn the same spirit, a repository name that begins with a dash '-' is\nalso forbidden now.\n\ngit 2.14.0: Use of an empty string as a pathspec element that is used\nfor 'everything matches' is deprecated, use '.'\n\nAvoid blindly falling back to '.git' when the setup sequence indicates\noperation not on a Git repository\n\n'indent heuristics' are now the default.\n\nBuilds with pcre2\n\nMany bug fixes, improvements and updates\n\ngit 2.13.4: Update the character width tables.\n\nFix an alias that contained an uppercase letter\n\nProgress meter fixes\n\ngit gc concurrency fixes\n\ngit 2.13.3: various internal bug fixes\n\nFix a regression to 'git rebase -i'\n\nCorrect unaligned 32-bit access in pack-bitmap code\n\nTighten error checks for invalid 'git apply' input\n\nThe split index code did not honor core.sharedrepository setting\ncorrectly\n\nFix 'git branch --list' handling of color.branch.local\n\ngit 2.13.2: 'collision detecting' SHA-1 update for platform fixes\n\n'git checkout --recurse-submodules' did not quite work with a\nsubmodule that itself has submodules.\n\nThe 'run-command' API implementation has been made more robust against\ndead-locking in a threaded environment.\n\n'git clean -d' now only cleans ignored files with '-x'\n\n'git status --ignored' did not list ignored and untracked files\nwithout '-uall'\n\n'git pull --rebase --autostash' didn't auto-stash when the local\nhistory fast-forwards to the upstream.\n\n'git describe --contains' gives as much weight to lightweight tags as\nannotated tags\n\nFix 'git stash push <pathspec>' from a subdirectory </pathspec>\n\ngit 2.13.1: Setting 'log.decorate=false' in the configuration file did\nnot take effect in v2.13, which has been corrected.\n\ncorrections to documentation and command help output\n\ngarbage collection fixes\n\nmemory leaks fixed\n\nreceive-pack now makes sure that the push certificate records the same\nset of push options used for pushing\n\nshell completion corrections for git stash\n\nfix 'git clone --config var=val' with empty strings\n\ninternal efficiency improvements\n\nUpdate sha1 collision detection code for big-endian platforms and\nplatforms not supporting unaligned fetches\n\nFix packaging of documentation\n\ngit 2.13.0: empty string as a pathspec element for 'everything\nmatches' is still warned, for future removal.\n\ndeprecated argument order 'git merge <msg> HEAD <commit>...' was\nremoved </commit></msg>\n\ndefault location '~/.git-credential-cache/socket' for the socket used\nto communicate with the credential-cache daemon moved to\n'~/.cache/git/credential/socket'.\n\nnow avoid blindly falling back to '.git' when the setup sequence\nindicated otherwise\n\nmany workflow features, improvements and bug fixes\n\nadd a hardened implementation of SHA1 in response to practical\ncollision attacks (CVE-2005-4900, bsc#1042640)\n\nCVE-2017-8386: On a server running git-shell as login shell to\nrestrict user to git commands, remote users may have been able to have\ngit service programs spawn an interactive pager and thus escape the\nshell restrictions. (bsc#1038395)\n\nChanges in pcre2: Include the libraries, development and tools\npackages.\n\ngit uses only libpcre2-8 so far, but this allows further application\nusage of pcre2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html\");\n # https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a796f1e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-5260/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200992-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d199ff91\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2020-992=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2020-992=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2020-992=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-992=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2020-992=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2020-992=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2020-992=1\n\nSUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2020-992=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2020-992=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19604\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Malicious Git HTTP Server For CVE-2018-17456');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-16-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-32-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-8-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-posix2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpcre2-posix2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-debuginfo-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-debugsource-2.26.0-27.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-16-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-16-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-32-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-32-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-8-0-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-8-0-debuginfo-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-posix2-10.34-1.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpcre2-posix2-debuginfo-10.34-1.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-03-07T23:19:36", "description": "A flaw was found in git. Credentials can be leaked through the use of a crafted URL that contains a newline, fooling the credential helper to give information for a different host. Highest threat from the vulnerability is to data confidentiality.\n#### Mitigation\n\nThe most complete workaround is to disable credential helpers altogether: \n\n \n \n git config --unset credential.helper \n git config --global --unset credential.helper \n git config --system --unset credential.helper \n \n\nAn alternative is to avoid malicious URLs: \n1\\. Examine the hostname and username portion of URLs fed to git clone for the presence of encoded newlines (%0a) or evidence of credential-protocol injections (e.g., host=github.com) \n2\\. Avoid using submodules with untrusted repositories (don't use clone --recurse-submodules; use git submodule update only after examining the URLs found in .gitmodules) \n3\\. Avoid tools which may run gi
Security fix for the ALT Linux 9 package git version 2.25.3-alt1
