Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:C7C8B32CB5620BC0DBF4628242A0032D
HistoryOct 06, 2017 - 12:00 a.m.

USN-3438-1: Git vulnerability | Cloud Foundry

2017-10-0600:00:00
Cloud Foundry
www.cloudfoundry.org
25

0.003 Low

EPSS

Percentile

70.4%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code.

This update also removes the cvsserver subcommand from git-shell by default.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.159.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.159.0 or later.

References

Related

nessus 16
amazon 1
debiancve 1
mageia 1
prion 1
osv 3
debian 1
altlinux 2
cve 1
redhatcve 1
nvd 1
openvas 11
suse 3
ubuntu 1
ubuntucve 1
cvelist 1
rosalinux 1
ibm 1
photon 1
nessus
nessus
EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1265)
2017-11-01 00:00:00
Debian DSA-3984-1 : git - security update
2017-09-27 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3438-1)
2017-10-06 00:00:00
amazon
amazon
Medium: git
2017-10-12 19:39:00
debiancve
debiancve
CVE-2017-14867
2017-09-29 01:34:50
mageia
mageia
Updated git packages fix security vulnerability
2017-11-07 16:49:26
prion
prion
Design/Logic Flaw
2017-09-29 01:34:00
osv
osv
CVE-2017-14867
2017-09-29 01:34:50
git - security update
2017-09-26 00:00:00
git - security update
2017-10-02 00:00:00
debian
debian
[SECURITY] [DLA 1120-1] git security update
2017-10-02 21:20:17
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.10.5-alt1
2017-09-22 00:00:00
Security fix for the ALT Linux 8 package git version 2.10.5-alt1
2017-09-22 00:00:00
cve
cve
CVE-2017-14867
2017-09-29 01:34:50
redhatcve
redhatcve
CVE-2017-14867
2017-09-28 15:49:10
nvd
nvd
CVE-2017-14867
2017-09-29 01:34:50
openvas
openvas
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2017-1266)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1120-1)
2018-02-06 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2017-1265)
2020-01-23 00:00:00
suse
suse
Security update for git (important)
2017-10-12 21:07:31
Security update for git (important)
2017-10-17 18:12:41
Security update for git (important)
2017-10-19 00:07:28
ubuntu
ubuntu
Git vulnerability
2017-10-05 00:00:00
ubuntucve
ubuntucve
CVE-2017-14867
2017-09-28 00:00:00
cvelist
cvelist
CVE-2017-14867
2017-09-28 14:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1843
2021-07-02 16:45:45
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private
2018-07-20 18:56:04
photon
photon
Critical Photon OS Security Update - PHSA-2017-0078
2017-10-19 00:00:00

0.003 Low

EPSS

Percentile

70.4%

JSON
Related for CFOUNDRY:C7C8B32CB5620BC0DBF4628242A0032D
nessus16amazon1debiancve1mageia1prion1osv3debian1altlinux2cve1redhatcve1nvd1openvas11suse3ubuntu1ubuntucve1cvelist1rosalinux1ibm1photon1