FreeBSDA3B10C9B-99D9-11ED-AA55-D05099FED512shells/fish -- arbitrary code execution via git
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
57.4%
Peter Ammon reports:
fish is a command line shell. fish version 3.1.0 through
version 3.3.1 is vulnerable to arbitrary code execution.
git repositories can contain per-repository
configuration that change the behavior of git, including
running arbitrary commands. When using the default
configuration of fish, changing to a directory
automatically runs git commands in order to display
information about the current repository in the prompt.
If an attacker can convince a user to change their
current directory into one controlled by the attacker,
such as on a shared file system or extracted archive,
fish will run arbitrary commands under the attacker's
control. This problem has been fixed in fish 3.4.0. Note
that running git in these directories, including using
the git tab completion, remains a potential trigger for
this issue. As a workaround, remove the
fish_git_prompt function from the prompt.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
57.4%