Lucene search

CVE-2024-32021

🗓️ 14 May 2024 20:13:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 201 Views🌐 WEB

Git version 2.45.1 and earlier may create hardlinks to arbitrary user-readable files during local repository clonin

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Tenable Nessus	CBL Mariner 2.0 Security Update: git (CVE-2024-32021)	3 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : git (EulerOS-SA-2024-1882)	15 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : git (EulerOS-SA-2024-2350)	10 Sep 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2024-623)	28 May 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : git (EulerOS-SA-2024-2098)	8 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : git (EulerOS-SA-2024-2365)	12 Sep 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0148: git (ALINUX3-SA-2024:0148)	14 May 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : git (EulerOS-SA-2024-2081)	8 Aug 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : git (ALAS-2024-2548)	31 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : git (ALAS-2024-1939)	5 Jun 202400:00	–	nessus

Vulners

Vulnrichment

Node

git git

git gitRange2.43.0–2.43.4

git gitRange2.42.0–2.42.2

git git

git gitRange2.40.0–2.40.2

git gitRange<2.39.4

[
  {
    "vendor": "git",
    "product": "git",
    "versions": [
      {
        "version": "= 2.45.0",
        "status": "affected"
      },
      {
        "version": "= 2.44.0",
        "status": "affected"
      },
      {
        "version": ">= 2.43.0, < 2.43.4",
        "status": "affected"
      },
      {
        "version": ">= 2.42.0, < 2.42.2",
        "status": "affected"
      },
      {
        "version": "= 2.41.0",
        "status": "affected"
      },
      {
        "version": ">= 2.40.0, < 2.40.2",
        "status": "affected"
      },
      {
        "version": "< 2.39.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
lists	www.lists.debian.org/debian-lts-announce/2024/06/msg00018.html
openwall	www.openwall.com/lists/oss-security/2024/05/14/2
github	www.github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7

Parameter	Position	Path	Description	CWE
..	path	/git/objects/host	Git may create hardlinks to arbitrary user-readable files when cloning a local repository containing symlinks, allowing an adversary to access sensitive files.	CWE-547
..	nested	/git/objects/host	The vulnerability exploited allows symlinks to be created to sensitive files, exposing them through the Git objects directory.	CWE-547

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 20:15Current

7High risk

Vulners AI Score7

CVSS33.9

EPSS0.02341

SSVC

CWE-547