Lucene search

GoogleOSV:BIT-GIT-2024-32004

HistoryMay 24, 2024 - 7:19 a.m.

BIT-git-2024-32004

2024-05-2407:19:02

Google

osv.dev

git

revision control

arbitrary code execution

local repository

vulnerability

patched

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.

CPENameOperatorVersion
gitge2.41.0
gitge2.45.0
gitge2.44.0
gitlt2.43.4
gitlt2.42.2
gitlt2.41.1
gitlt2.40.2
gitlt2.39.4
gitge2.42.0
gitge2.40.0

Name	Operator	Version
git	ge	2.41.0
git	ge	2.45.0
git	ge	2.44.0
git	lt	2.43.4
git	lt	2.42.2
git	lt	2.41.1
git	lt	2.40.2
git	lt	2.39.4
git	ge	2.42.0
git	ge	2.40.0

Rows per page:

1-10 of 131

References

www.openwall.com/lists/oss-security/2024/05/14/2

git-scm.com/docs/git-clone

github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8

github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389

lists.fedoraproject.org/archives/list/[email protected]/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for OSV:BIT-GIT-2024-32004