CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.347 Low
Percentile: 96.5%

It was discovered that gitweb, the web interface for the Git version
control system, contained several vulnerabilities:

Remote attackers could use crafted requests to execute shell commands on
the web server, using the snapshot generation and pickaxe search
functionality (CVE-2008-5916).

Local users with write access to the configuration of a Git repository
served by gitweb could cause gitweb to execute arbitrary shell commands
with the permission of the web server (CVE-2008-5516, CVE-2008-5517).

For the stable distribution (etch), these problems have been fixed in
version 1.4.4.4-4+etch1.

For the unstable distribution (sid) and testing distribution (lenny),
the remote shell command injection issue (CVE-2008-5516) has been fixed
in version 1.5.6-1. The other issue will be fixed soon.

We recommend that you upgrade your Git packages.

CPE

Name | Operator | Version
---|---|---
git-core | eq | 1:1.4.4.4-2
git-core | eq | 1:1.4.4.4-2.1+etch1
git-core | eq | 1:1.4.4.4-3
git-core | eq | 1:1.4.4.4-4