Lucene search

K
osvGoogleOSV:USN-6050-1
HistoryMay 01, 2023 - 9:37 a.m.

git vulnerabilities

2023-05-0109:37:06
Google
osv.dev
12
git vulnerability
overwriting paths
malicious message
configuration injection

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.005

Percentile

77.3%

It was discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwriting some paths.
(CVE-2023-25652)

Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. (CVE-2023-25815)

AndrΓ© Baptista and VΓ­tor Pinho discovered that Git incorrectly handled
certain configurations. An attacker could possibly use this issue
to arbitrary configuration injection. (CVE-2023-29007)

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.005

Percentile

77.3%