redhatcve | Redhat.com | RH:CVE-2023-25815
History: Apr 26, 2023 - 6:17 a.m.

CVE-2023-25815

2023-04-26 06:17:55
redhat.com
access.redhat.com
10
git
vulnerability
runtime prefix
translation
crafted messages
security flaw

CVSS3: 3.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS: 0.001
Percentile: 18.7%

A vulnerability was found in Git. The flaw occurs when Git is compiled with runtime prefix support and runs without translated messages: it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.
