Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...
EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1578)
According to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bu...
CVE-2020-11052
Summary: CVE-2020-11052 describes a brute-force vulnerability in Sorcery prior to 0.15.0 related to password authentication. The built-in brute-force protection submodule would block attempts for a defined lockout period, but after expiry the protection is not re-enabled automatically unless a su...
Security update for git (moderate)
openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2020:0598-1 Rating: moderate References: 1063412 1095218 1095219 1110949 1112230 1114225 1132350 1149792 1156651 1158785 1158787 1158788 1158789 1158790 1158791 1158792 1158793 1158795 1167890 1168930 1169605 1169786...
[ASA-202004-21] git: information disclosure
Arch Linux Security Advisory ASA-202004-21. Severity: High. Date: 2020-04-22. CVE-ID: CVE-2020-11008. Package: git. Type: information disclosure. Remote: Yes. Link: https://security.archlinux.org/AVG-1138. Summary: The package git before version...
The vulnerability of the component responsible for checking the names of submodules in the Git version control system allows a hacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the component responsible for checking the names of sub-modules in the distributed version control system Git is related to a lack of input data validation. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service...
CVE-2020-11008
Technical details for CVE-2020-11008 are not present in the provided connected documents. The sources discuss related CVEs and general Git credential leakage vectors but do not specify affected versions, root cause, fixes, or exploitation status for this CVE. Monitor for updates.
Malicious Package
Overview: capistrano-scm-git-withsubmoduleandresolvsymlinks is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa...
SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)
This update for git fixes the following issues. Security issue fixed: CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host bsc1168930. Non-security issue fixed: git was updated to 2.26.0 f...
Design/Logic Flaw
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
The vulnerability of the Git version control system, related to insufficient validation of input data, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Git version control system lies in the improper updating of submodules. This occurs because the operation can execute commands found in the .gitmodules file of the malicious repository. Exploiting this vulnerability allows a remote attacker to access confidential data,...
CVE-2019-1387
A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...
Git Submodule Remote Code Execution (CVE-2018-17456)
A remote code execution vulnerability exists in Git. Successful exploitation of this vulnerability could lead to arbitrary code execution on the affected system...
EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The...
OPENSUSE-SU-2020:0123-1 Security update for git
This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. - CVE-2019-19604: Fixed a recursive clone...
Debian DLA-2059-1 : git security update
Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348 It was reported that the --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=..., allowing to overwrite arbitrary paths...
CVE-2014-5138
Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)
This update for git fixes the following issues. Security issues fixed: CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice bsc1158787. CVE-2019-19604: Fixed a recursive clone...
Oracle Linux 8 : git (ELSA-2019-4356)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4356 advisory. - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 Tenable has extracted the preceding description block direct...