GitLens Git Local Configuration Exec

GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...

PT-2022-3601 · Git +10 · Git +10

Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.37.1 Git versions prior to 2.36.2 Git versions prior to 2.35.4 Git versions prior to 2.34.4 Git versions prior to 2.33.4 Git versions prior to 2.32.3 Git versions prior to 2.31.4 Git versions prior to 2.30.5 Descriptio...

Azure App Service Linux source repository exposure

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure CVD of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an...

Mail.ru: todo.mail.ru open .git

todo.mail.ru landing .git folder was publicly accessible...