CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
The go-getter library vulnerability of HashiCorp’s enterprise information archiving platforms is related to a
vulnerability to argument injection when running Git. Exploitation of the vulnerability could allow an attacker,
acting remotely, to format the Git URL to inject additional Git arguments into the
Git call