Lucene search

K

[email protected]NVD:CVE-2024-32004

HistoryMay 14, 2024 - 7:15 p.m.

CVE-2024-32004

2024-05-1419:15:11

CWE-114

[email protected]

web.nvd.nist.gov

2

git

vulnerability

local repository.

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

References

www.openwall.com/lists/oss-security/2024/05/14/2

git-scm.com/docs/git-clone

github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8

github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

Related for NVD:CVE-2024-32004