1754 matches found
CVE-2024-51990
CVE-2024-51990 affects jj (Jujutsu), a Git-compatible VCS written in Rust. The issue is a path traversal vulnerability where specially crafted Git repositories can cause jj to write files outside the clone. This has been fixed in version 0.23.0. If upgrading is not possible, users are advised to ...
PT-2024-7926 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.13.0 through 3.13.1 GitHub Enterprise Server versions prior to 3.13.2 Description: The issue is related to an authorization bypass vulnerability in GitHub Enterprise Server, allowing unauthorized internal...
PT-2024-35081 · Jj · Jj
Name of the Vulnerable Software and Affected Versions: jj versions prior to 0.23.0 Description: Specially crafted Git repositories can cause jj to write files outside the clone. This issue can be achieved by having file objects which contain path traversals. To exploit this, an attacker would nee...
Virtuozzo Hybrid Server 7.5 Update 7 (7.5.7-129)
Virtuozzo Hybrid Server 7.5 Update 7 introduces a way to convert system containers to virtual machines, support for Ubuntu 24.04 LTS, and bug fixes. Additionally, it provides a new kernel 3.10.0-1160.119.1.vz7.224.4. Vulnerability id: PSBM-159393 Memory corruption leading to a crash in nodes in...
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private...
UBUNTU-CVE-2024-9623
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository...
GitLab CE/EE Security Vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 8.16 through prior to 17.2.9,...
git: RCE while cloning local repos
A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
CLSA-2024-1728056367 Fix CVE(s): CVE-2024-32465
SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465...
USN-7023-1 git vulnerabilities
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. This issue was fixed in Ubuntu 16.04 LTS. CVE-2023-25815 It was discovered that Git incorrectly...
Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-7023-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7023-1 advisory. Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this iss...
Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches
Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veea...
The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication, which allows a malicious user to modify issues in public repositories.
The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability could allow a malicious actor to modify issues in public repositories remotely...
The vulnerability of the corporate version of the GitHub Enterprise Server, related to the disclosure of content in private repositories, allows a violator to gain access to confidential information.
The vulnerability of the corporate version of the GitHub Enterprise Server relates to the exposure of content in private repositories. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
git: Fix of CVE-2024-32004
CVE-2024-32004: integrating ownership checking to detect dubious local repositories during cloning...
CLSA-2024-1725655852 git: Fix of CVE-2024-32004
CVE-2024-32004: integrating ownership checking to detect dubious local repositories during cloning...
CLSA-2024-1725652323 Fix CVE(s): CVE-2024-32004
SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2024-32004.patch: Enhance ownership checks to detect dubious local repositories during cloning, warning users of potential risks. This change affects multiple Git commands to improve overall security. - CVE-2024-32004...
CLSA-2024-1725652305 git: Fix of CVE-2024-32004
CVE-2024-32004: integrating ownership checking to detect dubious local repositories during cloning...
GitStack Unauthenticated REST API Requests
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...