
98 matches found

Atlassian
added 2024/05/13 10:10 a.m., 42 views

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

CVSS 8.8, AI score 7.3, EPSS 0.01001
Exploits: 0
RedHat Linux
added 2024/03/06 3:38 p.m., 1 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8, AI score 7.7, EPSS 0.01001
Exploits: 0, References: 4
RedHat Linux
added 2024/03/06 3:32 p.m., 1 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8, AI score 7.7, EPSS 0.01001
Exploits: 0, References: 4
RedHat Linux
added 2024/03/06 3:32 p.m., 1 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8, AI score 7.7, EPSS 0.01001
Exploits: 0, References: 4
Tenable Nessus
added 2024/03/06 12:0 a.m., 51 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1193)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1193 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 8.8, AI score 7.4, EPSS 0.54214
Exploits: 4, References: 13
Tenable Nessus
added 2024/03/06 12:0 a.m., 34 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1192)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1192 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 8.8, AI score 7.4, EPSS 0.54214
Exploits: 4, References: 13
RedHat Linux
added 2024/02/07 8:38 a.m., 4 views

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 8.8, AI score 7.7, EPSS 0.01001
Exploits: 0, References: 4
Tenable Nessus
added 2024/02/07 12:0 a.m., 44 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0711)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0711 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits: 0, References: 24
Tenable Nessus
added 2024/02/07 12:0 a.m., 46 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0710)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0710 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits: 0, References: 24
Tenable Nessus
added 2024/02/07 12:0 a.m., 68 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits: 0, References: 24
IBM Security Bulletins
added 2024/02/05 5:48 p.m., 32 views

Security Bulletin: IBM Automation Decision Services January 2024 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is...

CVSS 8.8, AI score 7.8, EPSS 0.01001
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/01/09 3:7 p.m., 34 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2023-4759)

Summary There is a vulnerability in Eclipse JGit used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker t...

CVSS 8.8, AI score 8.7, EPSS 0.01001
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/01/09 12:0 a.m., 35 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : eclipse-jgit, jsch (SUSE-SU-2024:0057-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0057-1 advisory. - Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, ...

CVSS 8.8, AI score 7.9, EPSS 0.01001
Exploits: 0, References: 6
OpenVAS
added 2024/01/09 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2024:0057-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 8.2, EPSS 0.01001
Exploits: 0, References: 32
IBM Security Bulletins
added 2024/01/08 3:57 p.m., 30 views

Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit are vulnerable to a remote attacker due to Eclipse JGit (CVE-2023-4759)

Summary Windows users of the Eclipse eGit feature in IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit are vulnerable to a remote attacker. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system,...

CVSS 8.8, AI score 8.8, EPSS 0.01001
Exploits: 0, Affected Software: 2
OSV
added 2024/01/08 8:36 a.m., 7 views

SUSE-SU-2024:0057-1 Security update for eclipse-jgit, jsch

This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. bsc1215298 Other fixes: jsch was updated to version 0.2.9: - Added...

CVSS 8.8, AI score 8.7, EPSS 0.01001
Exploits: 0, References: 5
OSV
added 2023/12/29 11:6 a.m., 1 views

OESA-2023-1995 jgit security update

A pure Java implementation of the Git version control system and command line interface. Security Fixes: Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file...

CVSS 8.8, AI score 9.7, EPSS 0.01001
Exploits: 0, References: 2
IBM Security Bulletins
added 2023/10/27 4:13 p.m., 36 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple Java security vulnerabilities listed herein Vulnerability Details CVEID: CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...

CVSS 8.8, AI score 8.4, EPSS 0.01216
Exploits: 5, Affected Software: 1
vulnersOsv
added 2023/09/18 3:30 p.m., 1 views

at.molindo:git-commit-id-plugin (=2.1.10-alpha-1), at.nonblocking:nonsnapshot-maven-plugin (=3.0.1) +4141 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=1.2.0.201112221803-r <=5.13.2.202306221912-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =1.2.0.201112221803-r, =2.0.0, =2.0.4, =0.1.1, =0.1.1, =2.0.0, =0.0.1, =0.2.8, =1.5.6 - br.com.sabium.gradle-bump:br.com.sabium.gradle-bump.gradle.plugin =1.0.1 and more Source cves: CVE-2023-4759 Source advisory: OSV:GHSA-3P86-9955-H393...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits: 0
vulnersOsv
added 2023/09/18 3:30 p.m., 1 views

0x.plugin.bom:zero-x-plugin-bom (>=0.0.10 <=1.1.0), app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4) +1534 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.6.0.202305301015-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =0.0.10, =1.0.0, =1.0, =1.0, =2.0, =1.0, =1.0, =3.0, =3.0, =1.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =4.23.0 and more Source cves: CVE-2023-4759 https:/...

CVSS 8.8, AI score 7.1, EPSS 0.01001
Exploits: 0