CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Metric | Value |
---|---|
AI Score Confidence | High |
EPSS Percentile | 94.3% |

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
Vendor | Product | Version | CPE |
---|---|---|---|
git_project | git | * | cpe:2.3:a:git_project:git:*:*:*:*:*:*:*:* |
git_project | git | 2.4.0 | cpe:2.3:a:git_project:git:2.4.0:*:*:*:*:*:*:* |
git_project | git | 2.4.1 | cpe:2.3:a:git_project:git:2.4.1:*:*:*:*:*:*:* |
git_project | git | 2.4.2 | cpe:2.3:a:git_project:git:2.4.2:*:*:*:*:*:*:* |
git_project | git | 2.4.3 | cpe:2.3:a:git_project:git:2.4.3:*:*:*:*:*:*:* |
git_project | git | 2.4.4 | cpe:2.3:a:git_project:git:2.4.4:*:*:*:*:*:*:* |
git_project | git | 2.4.5 | cpe:2.3:a:git_project:git:2.4.5:*:*:*:*:*:*:* |
git_project | git | 2.4.6 | cpe:2.3:a:git_project:git:2.4.6:*:*:*:*:*:*:* |
git_project | git | 2.4.7 | cpe:2.3:a:git_project:git:2.4.7:*:*:*:*:*:*:* |
git_project | git | 2.4.8 | cpe:2.3:a:git_project:git:2.4.8:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2015-11/msg00066.html
rhn.redhat.com/errata/RHSA-2015-2515.html
www.debian.org/security/2016/dsa-3435
www.openwall.com/lists/oss-security/2015/12/08/5
www.openwall.com/lists/oss-security/2015/12/09/8
www.openwall.com/lists/oss-security/2015/12/11/7
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/78711
www.securitytracker.com/id/1034501
www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
www.ubuntu.com/usn/USN-2835-1
bugzilla.redhat.com/show_bug.cgi?id=1269794
github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt
github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt
github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt
github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt
kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021
lkml.org/lkml/2015/10/5/683
security.gentoo.org/glsa/201605-01