ROSA LABROSA-SA-2024-2398Advisory ROSA-SA-2024-2398
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.6%
software: git 2.41.0
WASP: ROSA-CHROME
package_evr_string: git-2.41.0-2.src.rpm
CVE-ID: CVE-2022-23521
BDU-ID: 2023-00499
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted .gitattributes file
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2022-29187
BDU-ID: 2022-04385
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Git distributed version control system is related to the ability to create a “C:\.git” folder. Exploitation of the vulnerability could allow an attacker to run arbitrary commands
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2022-31012
BDU-ID: 2022-04404
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Git distributed version control system installer is related to the use of an unreliable search path. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2022-39253
BDU-ID: 2023-06647
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Git for Windows distributed version control system is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2022-39260
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In git, the function that splits command arguments into an array incorrectly uses int to represent the number of entries in the array, allowing an attacker to intentionally overflow the return value, resulting in an arbitrary entry in the heap. Since the resulting array is then passed to execv(), it is possible to use this attack to remotely execute code on the victim machine. Note that the victim must first allow access to gitshell' as the login shell to be vulnerable to this attack. Disabling access to gitshell` via remote login is a viable short-term workaround.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2022-41903
BDU-ID: 2023-00609
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the pretty.c::format_and_pad_commit() function of the Git distributed version control system’s commit formatting mechanism is related to a buffer overflow in dynamic memory. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2023-22490
BDU-ID: 2023-01602
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Git distributed version control system involves insecure handling of symbolic links when using local cloning optimization, Git aborts local clones whose source directory $GIT_DIR/objects contains symbolic links, but the object directory itself may still be a symbolic link. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2023-23946
BDU-ID: 2023-01603
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Git distributed version control system is related to the input of processed input data - a path outside of the working tree could be overwritten by a user running “git apply”. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite arbitrary files on the system
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2023-25652
BDU-ID: 2023-03859
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path name restriction. Exploitation of the vulnerability allows an attacker acting remotely to impact data integrity using a specially crafted command
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
CVE-ID: CVE-2023-29007
BDU-ID: 2023-02908
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the git_config_copy_or_rename_section_in_file function of the config.c file of the Git distributed version control system is related to insufficient neutralization of special elements in the request. Exploitation of the vulnerability could allow an attacker, to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update git
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.6%