joernchen of Phenoelit discovered that git is prone to an arbitrary code execution vulnerability due to insufficient validation of submodule url and path via a specially crafted .gitmodules file in a project cloned with --recurse-submodules (CVE-2018-17456).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchgit< 2.13.7-1.2git-2.13.7-1.2.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	git	< 2.13.7-1.2	git-2.13.7-1.2.mga6

References

bugs.mageia.org/show_bug.cgi?id=23642

atlassian 4

nessus 42

prion 1

suse 4

packetstorm 3

openvas 29

centos 2

osv 3

ubuntucve 1

exploitpack 2

zdt 1

debian 2

redhat 4

freebsd 1

checkpoint_advisories 1

oraclelinux 2

fedora 9

ibm 2

cloudfoundry 1

archlinux 1

veracode 1

altlinux 2

metasploit 1

cve 1

alpinelinux 1

amazon 2

slackware 1

debiancve 1

ubuntu 1

redhatcve 1

exploitdb 2

photon 6

kitploit 1

atlassian

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

2019-01-23 22:56:09

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

2019-01-23 22:43:28

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

2019-01-23 22:43:28

nessus

Oracle Linux 6 : git (ELSA-2020-0316)

2020-02-04 00:00:00

SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2018:3150-1)

2019-01-02 00:00:00

EulerOS Virtualization 2.5.3 : git (EulerOS-SA-2019-1183)

2019-04-09 00:00:00

prion

Remote code execution

2018-10-06 14:29:00

suse

Security update for git (important)

2018-10-17 06:09:56

Security update for libgit2 (important)

2018-12-08 15:09:50

Security update for git (important)

2018-10-12 12:11:54

packetstorm

Malicious Git HTTP Server

2018-11-15 00:00:00

Git Submodule Arbitrary Code Execution

2018-10-08 00:00:00

Git Submodule Arbitrary Code Execution

2018-10-17 00:00:00

openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-2389)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2019-1291)

2020-01-23 00:00:00

CentOS: Security Advisory for emacs-git (CESA-2020:0316)

2020-02-04 00:00:00

centos

emacs, git, gitk, gitweb, perl security update

2018-11-20 23:41:54

emacs, git, gitk, gitweb, perl security update

2020-02-03 17:18:41

osv

git - security update

2018-10-05 00:00:00

git - security update

2018-10-05 00:00:00

CVE-2018-17456

2018-10-06 14:29:00

ubuntucve

CVE-2018-17456

2018-10-06 00:00:00

exploitpack

Git Submodule - Arbitrary Code Execution (PoC)

2018-10-05 00:00:00

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

zdt

Git Submodule - Arbitrary Code Execution Vulnerability

2018-10-09 00:00:00

debian

[SECURITY] [DSA 4311-1] git security update

2018-10-05 19:29:29

[SECURITY] [DSA 4311-1] git security update

2018-10-05 19:29:29

redhat

(RHSA-2018:3541) Important: rh-git29-git security update

2018-11-12 10:58:59

(RHSA-2020:0316) Important: git security update

2020-02-03 08:18:58

(RHSA-2018:3408) Important: git security update

2018-10-30 14:56:57

freebsd

Libgit2 -- multiple vulnerabilities

2018-10-05 00:00:00

checkpoint_advisories

Git Submodule Remote Code Execution (CVE-2018-17456)

2020-03-01 00:00:00

oraclelinux

git security update

2018-11-09 00:00:00

git security update

2020-02-03 00:00:00

fedora

[SECURITY] Fedora 29 Update: libgit2-0.27.5-1.fc29

2018-10-09 00:08:31

[SECURITY] Fedora 29 Update: git-2.19.1-1.fc29

2018-10-09 00:08:13

[SECURITY] Fedora 28 Update: git-2.17.2-1.fc28

2018-10-10 22:47:45

ibm

Security Bulletin: A vulnerability in git affects PowerKVM

2018-12-17 14:20:01

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher

2019-03-07 20:05:01

cloudfoundry

USN-3791-1: Git vulnerability | Cloud Foundry

2018-10-15 00:00:00

archlinux

[ASA-201810-7] git: arbitrary code execution

2018-10-09 00:00:00

veracode

Remote Code Execution (RCE)

2019-01-15 09:25:29

altlinux

Security fix for the ALT Linux 10 package git version 2.17.2-alt1

2018-09-27 00:00:00

Security fix for the ALT Linux 8 package git version 2.17.2-alt1

2018-09-27 00:00:00

metasploit

Malicious Git HTTP Server For CVE-2018-17456

2018-10-18 03:02:28

cve

CVE-2018-17456

2018-10-06 14:29:00

alpinelinux

CVE-2018-17456

2018-10-06 14:29:00

amazon

Important: git

2018-10-17 22:02:00

Important: git

2018-10-24 16:31:00

slackware

[slackware-security] git

2018-10-11 00:35:23

debiancve

CVE-2018-17456

2018-10-06 14:29:00

ubuntu

Git vulnerability

2018-10-12 00:00:00

redhatcve

CVE-2018-17456

2018-10-05 21:49:09

exploitdb

Git Submodule - Arbitrary Code Execution (PoC)

2018-10-05 00:00:00

Git Submodule - Arbitrary Code Execution

2018-10-16 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0185

2019-11-01 00:00:00

Critical Photon OS Security Update - PHSA-2019-0185

2019-11-01 00:00:00

Critical Photon OS Security Update - PHSA-2019-0036

2019-10-23 00:00:00

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.161 Low

EPSS

Percentile

95.9%

JSON

Related for MGASA-2018-0395