Lucene search

K
gentooGentoo FoundationGLSA-202003-30
HistoryMar 15, 2020 - 12:00 a.m.

Git: Multiple vulnerabilities

2020-03-1500:00:00
Gentoo Foundation
security.gentoo.org
109

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.087

Percentile

94.6%

Background

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Description

Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.

Impact

An attacker could possibly overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory.

Workaround

There is no known workaround at this time.

Resolution

All Git 2.21.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.21.1"

All Git 2.23.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.1-r1"

All Git 2.24.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.1"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-vcs/git< 2.24.1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.087

Percentile

94.6%