CVSS3:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Percentile: 77.3%
Software: git 1.8.3.1
OS: rosa-server79
package_evr_string: git-1.8.3.1-25.res7
CVE-ID: CVE-2023-25652
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by submitting specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled content (corresponding to the rejected fragments from the patch). The fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using git apply with --reject when applying patches from an unreliable source. Use git apply --stat to inspect a patch before applying it; avoid applying one that creates a conflict where a link corresponding to the *.rej file exists.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update git command
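The pre-apply check from the CVE-2023-25652 workaround above, as an added example (not part of the original advisory or of Git): it takes the paths a patch touches and reports any whose .rej counterpart already exists as a symbolic link in the working tree. The function name rej_links and the script usage are assumptions made for this example.

```shell
#!/bin/sh
# rej_links WORKTREE
# Reads patch target paths (one per line) on stdin and prints every
# "<path>.rej" that already exists as a symbolic link under WORKTREE,
# together with the location the link points to.
# Returns 1 if at least one such link was found, 0 otherwise.
rej_links() {
    worktree=${1:-.}
    found=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        rej="$worktree/$path.rej"
        # -L is true for any symlink, including a dangling one
        if [ -L "$rej" ]; then
            printf '%s -> %s\n' "$rej" "$(readlink "$rej")"
            found=1
        fi
    done
    return "$found"
}

# Script usage (assumed name): check-rej.sh PATCHFILE [WORKTREE]
# git apply --numstat prints "added<TAB>deleted<TAB>path" without applying.
# Paths with unusual characters are quoted by git and are not handled here.
if [ "$#" -ge 1 ]; then
    git apply --numstat "$1" | cut -f3 | rej_links "${2:-.}"
fi
```

A non-zero exit status means the patch should not be applied with --reject until the listed links have been reviewed.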
CVE-ID: CVE-2023-29007
BDU-ID: 2023-02908
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the git_config_copy_or_rename_section_in_file function of the config.c file of the Git distributed version control system is related to insufficient neutralization of special elements in the request. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update git command