Cory Snider discovered that Git incorrectly handled certain symbolic links.
An attacker could possibly use this issue to cause an unexpected behaviour.

References

ubuntu.com/security/CVE-2022-39253

ubuntu.com/security/notices/USN-5686-4

ubuntucve 2

wolfi 1

github 3

openvas 32

osv 8

alpinelinux 2

fedora 5

nessus 64

veracode 1

ubuntu 3

debiancve 2

prion 2

redhatcve 2

mscve 1

cve 2

cgr 1

githubexploit 1

freebsd 2

altlinux 1

slackware 2

cloudfoundry 1

kaspersky 2

amazon 4

mageia 2

redhat 3

debian 3

oraclelinux 2

almalinux 2

apple 1

photon 4

rosalinux 2

gentoo 1

rapid7blog 1

ics 1

ubuntucve

CVE-2022-39253

2022-10-18 00:00:00

CVE-2023-22490

2023-02-14 00:00:00

wolfi

CVE-2022-39253 vulnerabilities

2024-05-04 03:28:13

github

Container build can leak any path on the host into the container

2022-11-11 00:03:31

Git security vulnerabilities announced

2022-10-18 17:11:45

Git security vulnerabilities announced

2023-02-14 18:45:56

openvas

Fedora: Security Advisory for moby-engine (FEDORA-2022-2c33bba286)

2022-11-11 00:00:00

Fedora: Security Advisory for moby-engine (FEDORA-2022-12790ca71a)

2022-10-23 00:00:00

Ubuntu: Security Advisory (USN-5686-4)

2023-03-29 00:00:00

osv

Container build can leak any path on the host into the container

2022-11-11 00:03:31

git vulnerabilities

2022-10-18 17:59:28

CVE-2022-39253

2022-10-19 11:15:11

alpinelinux

CVE-2022-39253

2022-10-19 11:15:00

CVE-2023-22490

2023-02-14 20:15:16

fedora

[SECURITY] Fedora 36 Update: moby-engine-20.10.20-1.fc36

2022-10-22 13:52:03

[SECURITY] Fedora 37 Update: moby-engine-20.10.20-1.fc37

2022-11-10 22:49:47

[SECURITY] Fedora 36 Update: git-2.38.1-1.fc36

2022-10-28 11:15:54

nessus

Ubuntu 16.04 ESM : Git vulnerability (USN-5686-4)

2023-03-28 00:00:00

CentOS 9 : cmake-3.20.2-8.el9

2024-02-29 00:00:00

Fedora 36 : moby-engine (2022-12790ca71a)

2022-10-22 00:00:00

veracode

Information Disclosure

2022-10-20 19:55:20

ubuntu

Git vulnerability

2023-03-28 00:00:00

Git vulnerabilities

2022-11-21 00:00:00

Git vulnerabilities

2022-10-18 00:00:00

debiancve

CVE-2022-39253

2022-10-19 11:15:00

CVE-2023-22490

2023-02-14 20:15:16

prion

Design/Logic Flaw

2022-10-19 11:15:00

Design/Logic Flaw

2023-02-14 20:15:00

redhatcve

CVE-2022-39253

2022-10-24 20:49:24

CVE-2023-22490

2023-02-17 15:59:20

mscve

GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default

2022-11-08 08:00:00

cve

CVE-2022-39253

2022-10-19 11:15:00

CVE-2023-22490

2023-02-14 20:15:16

cgr

CVE-2022-39253 vulnerabilities

2024-05-04 03:06:26

githubexploit

Exploit for Link Following in Git-Scm Git

2022-12-20 08:17:05

freebsd

git -- Multiple vulnerabilities

2022-06-09 00:00:00

git -- Local clone-based data exfiltration with non-local transports

2023-02-14 00:00:00

altlinux

Security fix for the ALT Linux 10 package git version 2.33.5-alt1

2022-10-22 00:00:00

slackware

[slackware-security] git

2022-10-18 20:40:51

[slackware-security] git

2023-02-15 19:51:52

cloudfoundry

USN-5686-1: Git vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

kaspersky

KLA20184 Multiple vulnerabilities in Git for Windows

2022-10-18 00:00:00

KLA20040 Multiple vulnerabilities in Microsoft Developer Tools

2022-11-08 00:00:00

amazon

Important: git

2022-12-01 17:34:00

Important: git

2022-12-01 20:31:00

Medium: git

2023-03-02 22:36:00

mageia

Updated git packages fix security vulnerability

2023-02-27 23:27:16

Updated git packages fix security vulnerability

2022-10-28 09:54:08

redhat

(RHSA-2023:2319) Moderate: git security and bug fix update

2023-05-09 05:07:19

(RHSA-2023:2859) Moderate: git security and bug fix update

2023-05-16 05:56:35

(RHSA-2024:0407) Moderate: git security update

2024-01-24 14:40:19

debian

[SECURITY] [DLA 3239-2] git regression update

2022-12-14 18:36:03

[SECURITY] [DLA 3239-1] git security update

2022-12-13 22:36:52

[SECURITY] [DSA 5332-1] git security update

2023-01-29 16:59:53

oraclelinux

git security and bug fix update

2023-05-23 00:00:00

git security and bug fix update

2023-05-15 00:00:00

almalinux

Moderate: git security and bug fix update

2023-05-09 00:00:00

Moderate: git security and bug fix update

2023-05-16 00:00:00

apple

About the security content of Xcode 14.1

2022-11-01 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-3.0-0486

2022-11-11 00:00:00

Important Photon OS Security Update - PHSA-2022-0538

2022-11-09 00:00:00

Critical Photon OS Security Update - PHSA-2022-0271

2022-10-28 00:00:00

rosalinux

Advisory ROSA-SA-2023-2292

2023-11-14 13:25:27

Advisory ROSA-SA-2024-2398

2024-04-11 08:08:00

gentoo

Git: Multiple Vulnerabilities

2023-12-27 00:00:00

rapid7blog

Patch Tuesday - November 2022

2022-11-08 20:02:57

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for OSV:USN-5686-4