10096 matches found
Command injection
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
CVE-2019-10392
CVE-2019-10392 affects Jenkins Git Client Plugin (versions ≤2.8.4 and 3.0.0-rc): improper restriction of values passed to git ls-remote enables OS command injection. Exploitation details are present in a public exploit repository (GitHub). NVD CVSSv3.1 base score 8.8 (HIGH). Connected advisories ...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
PT-2019-11786 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Client Plugin versions 2.8.4 and earlier; Jenkins Git Client Plugin version 3.0.0-rc. Description: The issue results from improper restriction of values passed as URL arguments to an invocation of git ls-remote, leading to OS comman...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32223)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
CVE-2019-11549
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors...
Information disclosure
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors...
CVE-2019-11549
Removed by vendor...
Argument Injection - CVE-2019-15000
Bitbucket Server & Bitbucket Data Center had an argument injection vulnerability, allowing an attacker to inject additional arguments into Git commands, which could lead to remote code execution. Remote attackers can exploit this argument injection vulnerability if they are able to access a Git...
BlockDev Sp. Z o.o: .git file accessible
Hi, your .git file is accessible. That's information disclosure. URL: https://blog.makerdao.com/wp-content/themes/makerDAO/.git/config REQUEST: GET /wp-content/themes/makerDAO/.git/config HTTP/1.1 Host: blog.makerdao.com Accept:...
Bitbucket 6.1.1 Path Traversal to RCE
Impact: In Bitbucket, four different user roles exist: Bitbucket User, Project Creator, Admin and System Admin. An attacker with the permissions of the Admin role can abuse Bitbucket's Data Center Migration tool to drop an executable shell script in an arbitrary directory. This is caused by a...
Docker < 18.09.4 RCE Vulnerability
Docker is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
A vulnerability in the Git component of Microsoft Visual Studio's software development tools allows attackers to elevate their privileges.
The vulnerability in the Git component of Microsoft Visual Studio is related to privilege management errors. Exploiting this vulnerability can allow an attacker to elevate their privileges...
GitLab: Git flag injection - Search API with scope 'blobs'
As requested from @hackerjuan, breaking this out of https://hackerone.com/reports/658013 for easier tracking. Summary Gitlab 12.1.6 fixed the wikiblobs scope of the search api, but the blobs scope is still vulnerable to git flag injection and allows reading any file in /var/opt/gitlab/gitaly...
EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-1801)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrar...
CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...