Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneJoernchenH1:260005
HistoryAug 14, 2017 - 8:53 p.m.

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-1420:53:18
joernchen
hackerone.com
46

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.549 Medium

EPSS

Percentile

97.2%

JSON

I’d like to submit an RCE issue within Git SVN and Mercurial, the CVEs are:

  • CVE-2017-9800 (Subversion)
  • CVE-2017-1000116 (Mercurial (hg))
  • CVE-2017-1000117 (Git)

Further Info can be found at:

http://blog.recurity-labs.com/2017-08-10/scm-vulns

And product specific:

I think these issues which all are based on the same flaw could be worth
an IBB Bounty. However I’d like to point out that we at Recurity Labs
would like the bounty being donated to a charity. The to be determined
charity will be something in the field of brain aneurysm, this is due to
the fact that Felix, the founder of Recurity Labs, currently is
recovering from a brain aneurysm.

So, just let us know what you think about this.

Cheers,

joern

P.S. I took the CVSS Score from the Subversion Advisory
the Redhat advisory states a score of 6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) I guess the truth is somewhere in between.

Related

archlinux 3
debian 7
freebsd 2
nessus 52
openvas 33
cve 8
prion 8
debiancve 7
ubuntucve 7
osv 14
veracode 3
redhatcve 5
github 1
myhack58 1
suse 4
fedora 6
ubuntu 1
redhat 5
alpinelinux 3
centos 3
checkpoint_advisories 2
slackware 2
cloudfoundry 1
mageia 4
oraclelinux 4
packetstorm 1
amazon 2
gentoo 2
metasploit 1
zdt 1
ibm 2
f5 1
seebug 1
exploitdb 1
apple 1
archlinux
archlinux
[ASA-201708-7] mercurial: multiple issues
2017-08-12 00:00:00
[ASA-201708-6] git: arbitrary command execution
2017-08-12 00:00:00
[ASA-201708-14] subversion: arbitrary command execution
2017-08-15 00:00:00
debian
debian
[SECURITY] [DLA 1072-1] mercurial security update
2017-08-31 11:57:25
[SECURITY] [DLA 1144-1] git-annex security update
2017-10-27 15:29:08
[SECURITY] [DLA 1495-1] git-annex security update
2018-09-05 19:28:50
freebsd
freebsd
Mercurial -- multiple vulnerabilities
2017-08-10 00:00:00
subversion -- Arbitrary code execution vulnerability
2017-08-10 00:00:00
nessus
nessus
FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)
2017-08-14 00:00:00
Debian DLA-1072-1 : mercurial security update
2017-09-01 00:00:00
Debian DLA-1144-1 : git-annex security update
2017-10-30 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1072-1)
2018-02-06 00:00:00
Debian: Security Advisory (DLA-1144-1)
2018-02-06 00:00:00
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1060)
2021-01-19 00:00:00
cve
cve
CVE-2017-12976
2017-08-20 20:29:00
CVE-2017-16228
2017-10-29 20:29:00
CVE-2017-14176
2017-11-27 10:29:00
prion
prion
Sql injection
2017-08-20 20:29:00
Design/Logic Flaw
2017-10-29 20:29:00
Design/Logic Flaw
2017-11-27 10:29:00
debiancve
debiancve
CVE-2017-12976
2017-08-20 20:29:00
CVE-2017-16228
2017-10-29 20:29:00
CVE-2017-14176
2017-11-27 10:29:00
ubuntucve
ubuntucve
CVE-2017-12976
2017-08-20 00:00:00
CVE-2017-16228
2017-10-29 00:00:00
CVE-2017-14176
2017-09-05 00:00:00
osv
osv
git-annex command injection via malicious SSH hostname
2023-07-25 13:25:42
PYSEC-2017-12
2017-10-29 20:29:00
Dulwich RCE Vulnerability
2022-05-13 01:44:04
veracode
veracode
Arbitrary Command Execution
2017-10-30 00:47:04
Remote Code Execution (RCE)
2019-01-15 09:18:24
Privilege Escalation
2020-05-10 23:25:43
redhatcve
redhatcve
CVE-2017-16228
2017-11-03 14:19:26
CVE-2017-14176
2017-09-12 07:48:25
CVE-2017-1000116
2017-08-10 19:18:29
github
github
Dulwich RCE Vulnerability
2022-05-13 01:44:04
myhack58
myhack58
More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net
2017-08-11 00:00:00
suse
suse
Security update for git (important)
2017-08-17 00:08:53
Security update for git (important)
2017-08-21 18:07:57
Security update for git (important)
2017-09-01 03:10:54
fedora
fedora
[SECURITY] Fedora 25 Update: git-2.9.5-1.fc25
2017-08-14 00:56:27
[SECURITY] Fedora 26 Update: git-2.13.5-1.fc26
2017-08-13 20:56:31
[SECURITY] Fedora 25 Update: subversion-1.9.7-1.fc25
2017-08-22 12:50:37
ubuntu
ubuntu
Git vulnerability
2017-08-11 00:00:00
redhat
redhat
(RHSA-2017:2485) Important: git security update
2017-08-16 21:46:48
(RHSA-2017:2484) Important: git security update
2017-08-16 21:46:19
(RHSA-2017:2480) Important: subversion security update
2017-08-15 18:41:13
alpinelinux
alpinelinux
CVE-2017-1000117
2017-10-05 01:29:00
CVE-2017-1000116
2017-10-05 01:29:00
CVE-2017-9800
2017-08-11 21:29:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2017-08-17 10:26:34
emacs, git, gitk, gitweb, perl security update
2017-08-24 09:43:50
mod_dav_svn, subversion security update
2017-08-24 09:44:09
checkpoint_advisories
checkpoint_advisories
Git ssh URL Processing Command Execution (CVE-2017-1000117)
2018-05-02 00:00:00
Apache Subversion svn-ssh URL Command Execution (CVE-2017-9800)
2017-08-29 00:00:00
slackware
slackware
[slackware-security] git
2017-08-11 23:10:53
[slackware-security] subversion
2017-08-11 23:11:38
cloudfoundry
cloudfoundry
USN-3387-1: Git vulnerability | Cloud Foundry
2017-08-17 00:00:00
mageia
mageia
Updated git packages fix security vulnerability
2017-08-14 01:19:29
Updated subversion packages fix security vulnerability
2017-08-17 00:10:57
Updated mercurial packages fix security vulnerabilities
2017-08-19 12:58:33
oraclelinux
oraclelinux
git security update
2017-08-17 00:00:00
git security update
2017-08-16 00:00:00
subversion security update
2017-08-15 00:00:00
packetstorm
packetstorm
Malicious GIT HTTP Server
2017-08-30 00:00:00
amazon
amazon
Important: git
2017-08-31 16:00:00
Important: subversion, mod_dav_svn
2017-08-31 16:11:00
gentoo
gentoo
Git: Command injection
2017-09-17 00:00:00
Subversion: Arbitrary code execution
2017-09-17 00:00:00
metasploit
metasploit
Malicious Git HTTP Server For CVE-2017-1000117
2017-08-13 03:47:44
zdt
zdt
Apache Subversion Arbitrary Code Execution Vulnerability
2017-08-14 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in subversion affects PowerKVM
2018-06-18 01:38:34
Security Bulletin: IBM QRadar Network Security is affected by vulnerability in subversion (CVE-2017-9800)
2018-06-16 22:03:31
f5
f5
K45625134 : Apache Subversion vulnerability CVE-2017-9800
2017-08-29 00:00:00
seebug
seebug
Apache Subversion Remote Command Execution Vulnerability(CVE-2017-9800)
2017-08-16 00:00:00
exploitdb
exploitdb
Git < 2.7.5 - Command Injection (Metasploit)
2017-08-31 00:00:00
apple
apple
About the security content of Xcode 9 - Apple Support
2017-11-02 11:30:54

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.549 Medium

EPSS

Percentile

97.2%

JSON
Related for H1:260005
archlinux3debian7freebsd2nessus52openvas33cve8prion8debiancve7ubuntucve7osv14veracode3redhatcve5github1myhack581suse4fedora6ubuntu1redhat5alpinelinux3centos3checkpoint_advisories2slackware2cloudfoundry1mageia4oraclelinux4packetstorm1amazon2gentoo2metasploit1zdt1ibm2f51seebug1exploitdb1apple1