{"nessus": [{"lastseen": "2021-02-25T17:09:30", "description": "According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Git is a fast, scalable, distributed revision control\n system with an unusually rich command set that provides\n both high-level operations and full access to\n internals. The git rpm installs a common set of tools\n which are usually used with a small number of\n dependencies. To install all git packages, including\n tools for integrating with other SCMs, install the\n git-all meta-package. Security Fix(es): Affected versions\n of Git have a vulnerability whereby Git can be tricked\n into sending private credentials to a host controlled\n by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. 
Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-02-22T00:00:00", "title": "EulerOS 2.0 SP2 : git (EulerOS-SA-2021-1298)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2021-02-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1298.NASL", "href": "https://www.tenable.com/plugins/nessus/146765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146765);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : git (EulerOS-SA-2021-1298)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - 
Git is a fast, scalable, distributed revision control\n system with an unusually rich command set that provides\n both high-level operations and full access to\n internals. The git rpm installs a common set of tools\n which are usually used with a small number of\n dependencies. To install all git packages, including\n tools for integrating with other SCMs, install the\n git-all meta-package. Security Fix(es): Affected versions\n of Git have a vulnerability whereby Git can be tricked\n into sending private credentials to a host controlled\n by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. 
Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1298\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f672beef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei 
Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-14.h6\",\n \"perl-Git-1.8.3.1-14.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2021-02-04T09:22:52", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-02-01T00:00:00", "title": "CentOS 8 : git (CESA-2020:1980)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-core-doc", "p-cpe:/a:centos:centos:perl-Git-SVN", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-gui", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-subtree", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:git-instaweb", "p-cpe:/a:centos:centos:git-core", "cpe:/a:centos:centos:8::appstream"], "id": "CENTOS8_RHSA-2020-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/145960", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1980. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145960);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/03\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1980\");\n\n script_name(english:\"CentOS 8 : git (CESA-2020:1980)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'git-core-doc-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-email / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-23T09:06:54", "description": "According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. 
This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-01-20T00:00:00", "title": "EulerOS 2.0 SP3 : git (EulerOS-SA-2021-1068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2021-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1068.NASL", "href": "https://www.tenable.com/plugins/nessus/145168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145168);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-11008\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : git (EulerOS-SA-2021-1068)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the git packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. 
Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1068\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ae89178\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-1.8.3.1-20.h5\",\n \"perl-Git-1.8.3.1-20.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-11T11:58:07", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages 
installed that are affected by\nmultiple vulnerabilities:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). Git uses external credential helper programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that\n ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. 
Git uses external credential helper programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). 
The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2020-0075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0075_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/143893", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0075. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143893);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2020-0075)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by\nmultiple vulnerabilities:\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix\n for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker\n cannot control which one). 
Git uses external credential helper programs to store and retrieve passwords\n or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking the password to an attacker's server. The\n vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look\n rather suspicious; the likely vector would be through systems which automatically clone URLs not visible\n to the user, such as Git submodules, or package systems built around Git. The root of the problem is in\n Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the\n vulnerability in practice depends on which helpers are in use. Credential helpers which are known to\n trigger the vulnerability: - Git's store helper - Git's cache helper - the osxkeychain helper that\n ships in Git's contrib directory Credential helpers which are known to be safe even with vulnerable\n versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to\n trigger the vulnerability. (CVE-2020-11008)\n\n - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials\n to a host controlled by an attacker. Git uses external credential helper programs to store and retrieve\n passwords or other credentials from secure storage provided by the operating system. 
Specially-crafted\n URLs that contain an encoded newline can inject unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for\n an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no restrictions on the relationship between the two, meaning\n that an attacker can craft a URL that will present stored credentials for any host to a host of their\n choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious; the likely vector would be through systems which automatically clone\n URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has\n been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to\n backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks\n for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched\n versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0075\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. 
Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ],\n 'CGSL MAIN 5.04': [\n 'emacs-git-1.8.3.1-23.el7_8',\n 'emacs-git-el-1.8.3.1-23.el7_8',\n 'git-1.8.3.1-23.el7_8',\n 'git-all-1.8.3.1-23.el7_8',\n 'git-bzr-1.8.3.1-23.el7_8',\n 'git-cvs-1.8.3.1-23.el7_8',\n 'git-daemon-1.8.3.1-23.el7_8',\n 'git-debuginfo-1.8.3.1-23.el7_8',\n 'git-email-1.8.3.1-23.el7_8',\n 'git-gnome-keyring-1.8.3.1-23.el7_8',\n 
'git-gui-1.8.3.1-23.el7_8',\n 'git-hg-1.8.3.1-23.el7_8',\n 'git-instaweb-1.8.3.1-23.el7_8',\n 'git-p4-1.8.3.1-23.el7_8',\n 'git-svn-1.8.3.1-23.el7_8',\n 'gitk-1.8.3.1-23.el7_8',\n 'gitweb-1.8.3.1-23.el7_8',\n 'perl-Git-1.8.3.1-23.el7_8',\n 'perl-Git-SVN-1.8.3.1-23.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-19T05:33:58", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3581 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-08-31T00:00:00", "title": "RHEL 7 : git (RHSA-2020:3581)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2020-08-31T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "cpe:/o:redhat:rhel_e4s:7.7::computenode", "cpe:/o:redhat:rhel_e4s:7.7::server", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "cpe:/o:redhat:rhel_tus:7.7::computenode", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "cpe:/o:redhat:rhel_eus:7.7::computenode", "p-cpe:/a:redhat:enterprise_linux:git", 
"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring", "p-cpe:/a:redhat:enterprise_linux:gitk", "cpe:/o:redhat:rhel_tus:7.7", "cpe:/o:redhat:rhel_aus:7.7", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:gitweb", "cpe:/o:redhat:rhel_aus:7.7::computenode", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "cpe:/o:redhat:rhel_eus:7.7::server", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_aus:7.7::server", "p-cpe:/a:redhat:enterprise_linux:emacs-git", "cpe:/o:redhat:rhel_tus:7.7::server"], "id": "REDHAT-RHSA-2020-3581.NASL", "href": "https://www.tenable.com/plugins/nessus/140083", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3581. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140083);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:3581\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2020:3581)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3581 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\n - git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-5260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1822020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5260\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms'\n ],\n 'rhel_eus_7_7_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-source-rpms'\n ],\n 'rhel_eus_7_7_server': [\n 'rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-rpms',\n 'rhel-7-for-system-z-eus-optional-source-rpms',\n 'rhel-7-for-system-z-eus-rpms',\n 
'rhel-7-for-system-z-eus-source-rpms',\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n 
if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3581');\n}\n\npkgs = [\n {'reference':'emacs-git-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'emacs-git-el-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-all-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-bzr-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-cvs-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-daemon-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n 
{'reference':'git-daemon-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-email-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-gui-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-hg-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-instaweb-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-p4-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-svn-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'git-svn-1.8.3.1-23.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'gitk-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'gitweb-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'perl-Git-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'perl-Git-SVN-1.8.3.1-23.el7_7', 'sp':'7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = 
package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T15:46:54", "description": "The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 11.5. It is, therefore, affected\nby an information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host\ncontrolled by an attacker. 
An attacker can exploit this vulnerability by persuading a victim to open a crafted\nmalicious `git clone` URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-08-20T00:00:00", "title": "Apple Xcode < 11.5 Git Credentials Disclosure (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-08-20T00:00:00", "cpe": ["cpe:/a:apple:xcode"], "id": "MACOS_XCODE_11_5.NASL", "href": "https://www.tenable.com/plugins/nessus/139727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139727);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/08\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-05-19\");\n script_xref(name:\"APPLE-SA\", value:\"HT211183\");\n\n script_name(english:\"Apple Xcode < 11.5 Git Credentials Disclosure (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An IDE application installed on the remote macOS or Mac OS X host is affected by a credentials disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 11.5. It is, therefore, affected\nby an information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host\ncontrolled by an attacker. 
An attacker can exploit this vulnerability by persuading a victim to open a crafted\nmalicious `git clone` URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211183\");\n # https://lists.apple.com/archives/security-announce/2020/May/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?748cd761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Xcode version 11.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:xcode\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_xcode_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Apple Xcode\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os))\n audit(AUDIT_OS_NOT, 'macOS or Mac OS X');\n\napp_info = vcf::get_app_info(app:'Apple Xcode');\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'fixed_version' : '11.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-21T06:01:24", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2337 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-08-07T00:00:00", "title": "RHEL 7 : git (RHSA-2020:2337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-08-07T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "cpe:/o:redhat:enterprise_linux:7::server", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring", "p-cpe:/a:redhat:enterprise_linux:gitk", "cpe:/o:redhat:enterprise_linux:7::computenode", 
"p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:gitweb", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "cpe:/o:redhat:enterprise_linux:7::workstation", "p-cpe:/a:redhat:enterprise_linux:emacs-git", "cpe:/o:redhat:enterprise_linux:7::client"], "id": "REDHAT-RHSA-2020-2337.NASL", "href": "https://www.tenable.com/plugins/nessus/139378", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2337. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139378);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:2337\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2020:2337)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2337 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 
'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 
'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2337');\n}\n\npkgs = [\n {'reference':'emacs-git-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'emacs-git-el-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-all-1.8.3.1-23.el7_8', 'release':'7', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-bzr-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-cvs-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-daemon-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-daemon-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-email-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gui-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 
'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-hg-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-instaweb-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-p4-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-svn-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-svn-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'gitk-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'gitweb-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'perl-Git-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'perl-Git-SVN-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
'emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T13:15:16", "description": "Affected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which\none). Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that are considered\nillegal as of the recently published Git versions can cause Git to\nsend a 'blank' pattern to helpers, missing hostname and protocol\nfields. Many helpers will interpret this as matching _any_ URL, and\nwill return some unspecified stored password, leaking the password to\nan attacker's server. The vulnerability can be triggered by feeding a\nmalicious URL to `git clone`. However, the affected URLs look rather\nsuspicious; the likely vector would be through systems which\nautomatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The root of the\nproblem is in Git itself, which should not be feeding blank input to\nhelpers. However, the ability to exploit the vulnerability in practice\ndepends on which helpers are in use. Credential helpers which are\nknown to trigger the vulnerability: - Git's 'store' helper - Git's\n'cache' helper - the 'osxkeychain' helper that ships in Git's\n'contrib' directory Credential helpers which are known to be safe even\nwith vulnerable versions of Git: - Git Credential Manager for Windows\nAny helper not in this list should be assumed to trigger the\nvulnerability. 
(CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that contain an\nencoded newline can inject unintended values into the credential\nhelper protocol stream, causing the credential helper to retrieve the\npassword for one server (e.g., good.example.com) for an HTTP request\nbeing made to another server (e.g., evil.example.com), resulting in\ncredentials for the former being sent to the latter. There are no\nrestrictions on the relationship between the two, meaning that an\nattacker can craft a URL that will present stored credentials for any\nhost to a host of their choosing. The vulnerability can be triggered\nby feeding a malicious URL to git clone. However, the affected URLs\nlook rather suspicious; the likely vector would be through systems\nwhich automatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The problem has been\npatched in the versions published on April 14th, 2020, going back to\nv2.17.x. Anyone wishing to backport the change further can do so by\napplying commit 9a6bbee (the full release includes extra checks for\ngit fsck, but that commit is sufficient to protect clients against the\nvulnerability). 
The patched versions are: 2.17.4, 2.18.3, 2.19.4,\n2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n(CVE-2020-5260)", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-07-30T00:00:00", "title": "Amazon Linux AMI : git (ALAS-2020-1413)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gitweb", "p-cpe:/a:amazon:linux:git-bzr", "p-cpe:/a:amazon:linux:git-instaweb", "p-cpe:/a:amazon:linux:git-p4", "p-cpe:/a:amazon:linux:git-svn", "p-cpe:/a:amazon:linux:git-cvs", "p-cpe:/a:amazon:linux:git-core", "p-cpe:/a:amazon:linux:git-subtree", "p-cpe:/a:amazon:linux:git-debuginfo", "p-cpe:/a:amazon:linux:git-core-doc", "p-cpe:/a:amazon:linux:perl-Git-SVN", "p-cpe:/a:amazon:linux:git-email", "p-cpe:/a:amazon:linux:git-daemon", "p-cpe:/a:amazon:linux:git-all", "p-cpe:/a:amazon:linux:emacs-git", "p-cpe:/a:amazon:linux:git", "p-cpe:/a:amazon:linux:git-hg", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:perl-Git", "p-cpe:/a:amazon:linux:emacs-git-el"], "id": "ALA_ALAS-2020-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/139093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1413.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_xref(name:\"ALAS\", value:\"2020-1413\");\n\n script_name(english:\"Amazon Linux AMI : git (ALAS-2020-1413)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"Affected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q).\nThe fix for that bug still left the door open for an exploit where\n_some_ credential is leaked (but the attacker cannot control which\none). Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that are considered\nillegal as of the recently published Git versions can cause Git to\nsend a 'blank' pattern to helpers, missing hostname and protocol\nfields. Many helpers will interpret this as matching _any_ URL, and\nwill return some unspecified stored password, leaking the password to\nan attacker's server. The vulnerability can be triggered by feeding a\nmalicious URL to `git clone`. However, the affected URLs look rather\nsuspicious; the likely vector would be through systems which\nautomatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The root of the\nproblem is in Git itself, which should not be feeding blank input to\nhelpers. However, the ability to exploit the vulnerability in practice\ndepends on which helpers are in use. Credential helpers which are\nknown to trigger the vulnerability: - Git's 'store' helper - Git's\n'cache' helper - the 'osxkeychain' helper that ships in Git's\n'contrib' directory Credential helpers which are known to be safe even\nwith vulnerable versions of Git: - Git Credential Manager for Windows\nAny helper not in this list should be assumed to trigger the\nvulnerability. (CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be\ntricked into sending private credentials to a host controlled by an\nattacker. 
Git uses external 'credential helper' programs to store and\nretrieve passwords or other credentials from secure storage provided\nby the operating system. Specially crafted URLs that contain an\nencoded newline can inject unintended values into the credential\nhelper protocol stream, causing the credential helper to retrieve the\npassword for one server (e.g., good.example.com) for an HTTP request\nbeing made to another server (e.g., evil.example.com), resulting in\ncredentials for the former being sent to the latter. There are no\nrestrictions on the relationship between the two, meaning that an\nattacker can craft a URL that will present stored credentials for any\nhost to a host of their choosing. The vulnerability can be triggered\nby feeding a malicious URL to git clone. However, the affected URLs\nlook rather suspicious; the likely vector would be through systems\nwhich automatically clone URLs not visible to the user, such as Git\nsubmodules, or package systems built around Git. The problem has been\npatched in the versions published on April 14th, 2020, going back to\nv2.17.x. Anyone wishing to backport the change further can do so by\napplying commit 9a6bbee (the full release includes extra checks for\ngit fsck, but that commit is sufficient to protect clients against the\nvulnerability). 
The patched versions are: 2.17.4, 2.18.3, 2.19.4,\n2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.\n(CVE-2020-5260)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1413.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update git' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-instaweb\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-git-el-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-all-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-bzr-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-core-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-core-doc-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-cvs-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-daemon-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-debuginfo-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-email-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-hg-2.18.4-2.71.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"git-instaweb-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-p4-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-subtree-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"git-svn-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"gitweb-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-2.18.4-2.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Git-SVN-2.18.4-2.71.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-core / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:06:35", "description": "The remote NewStart CGSL host, running version MAIN 6.01, has git packages installed that are affected by a\nvulnerability:\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to a\n host controlled by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug\n still left the door open for an exploit where _some_\n credential is leaked (but the attacker cannot control\n which one). Git uses external credential helper\n programs to store and retrieve passwords or other\n credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. 
Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n store helper - Git's cache helper - the\n osxkeychain helper that ships in Git's contrib\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the vulnerability.\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-07-21T00:00:00", "title": "NewStart CGSL MAIN 6.01 : git Vulnerability (NS-SA-2020-0036)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2020-07-21T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0036_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/138775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0036. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138775);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"NewStart CGSL MAIN 6.01 : git Vulnerability (NS-SA-2020-0036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.01, has git packages installed that are affected by a\nvulnerability:\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to a\n host controlled by an attacker. This bug is similar to\n CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug\n still left the door open for an exploit where _some_\n credential is leaked (but the attacker cannot control\n which one). Git uses external credential helper\n programs to store and retrieve passwords or other\n credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a blank pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious; the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. 
However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. Credential helpers\n which are known to trigger the vulnerability: - Git's\n store helper - Git's cache helper - the\n osxkeychain helper that ships in Git's contrib\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the vulnerability.\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0036\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL git packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 6.01\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.01');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 6.01\": [\n \"git-2.18.4-2.el8_2\",\n \"git-all-2.18.4-2.el8_2\",\n \"git-core-2.18.4-2.el8_2\",\n \"git-core-debuginfo-2.18.4-2.el8_2\",\n \"git-core-doc-2.18.4-2.el8_2\",\n \"git-daemon-2.18.4-2.el8_2\",\n \"git-daemon-debuginfo-2.18.4-2.el8_2\",\n \"git-debuginfo-2.18.4-2.el8_2\",\n \"git-debugsource-2.18.4-2.el8_2\",\n \"git-email-2.18.4-2.el8_2\",\n \"git-gui-2.18.4-2.el8_2\",\n \"git-instaweb-2.18.4-2.el8_2\",\n \"git-subtree-2.18.4-2.el8_2\",\n \"git-svn-2.18.4-2.el8_2\",\n \"git-svn-debuginfo-2.18.4-2.el8_2\",\n \"gitk-2.18.4-2.el8_2\",\n \"gitweb-2.18.4-2.el8_2\",\n \"perl-Git-2.18.4-2.el8_2\",\n \"perl-Git-SVN-2.18.4-2.el8_2\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:04:57", "description": "According to the versions of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). 
The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. 
Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-06-25T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1694)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "modified": "2020-06-25T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:git-core", "p-cpe:/a:huawei:euleros:git", "p-cpe:/a:huawei:euleros:perl-Git", "p-cpe:/a:huawei:euleros:git-core-doc"], "id": "EULEROS_SA-2020-1694.NASL", "href": "https://www.tenable.com/plugins/nessus/137801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137801);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-11008\",\n \"CVE-2020-5260\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1694)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the git packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. Git uses external\n 'credential helper' programs to store and retrieve\n passwords or other credentials from secure storage\n provided by the operating system. Specially-crafted\n URLs that contain an encoded newline can inject\n unintended values into the credential helper protocol\n stream, causing the credential helper to retrieve the\n password for one server (e.g., good.example.com) for an\n HTTP request being made to another server (e.g.,\n evil.example.com), resulting in credentials for the\n former being sent to the latter. There are no\n restrictions on the relationship between the two,\n meaning that an attacker can craft a URL that will\n present stored credentials for any host to a host of\n their choosing. The vulnerability can be triggered by\n feeding a malicious URL to git clone. However, the\n affected URLs look rather suspicious the likely vector\n would be through systems which automatically clone URLs\n not visible to the user, such as Git submodules, or\n package systems built around Git. The problem has been\n patched in the versions published on April 14th, 2020,\n going back to v2.17.x. Anyone wishing to backport the\n change further can do so by applying commit 9a6bbee\n (the full release includes extra checks for git fsck,\n but that commit is sufficient to protect clients\n against the vulnerability). 
The patched versions are:\n 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,\n 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\n - Affected versions of Git have a vulnerability whereby\n Git can be tricked into sending private credentials to\n a host controlled by an attacker. This bug is similar\n to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that\n bug still left the door open for an exploit where\n _some_ credential is leaked (but the attacker cannot\n control which one). Git uses external 'credential\n helper' programs to store and retrieve passwords or\n other credentials from secure storage provided by the\n operating system. Specially-crafted URLs that are\n considered illegal as of the recently published Git\n versions can cause Git to send a 'blank' pattern to\n helpers, missing hostname and protocol fields. Many\n helpers will interpret this as matching _any_ URL, and\n will return some unspecified stored password, leaking\n the password to an attacker's server. The vulnerability\n can be triggered by feeding a malicious URL to `git\n clone`. However, the affected URLs look rather\n suspicious the likely vector would be through systems\n which automatically clone URLs not visible to the user,\n such as Git submodules, or package systems built around\n Git. The root of the problem is in Git itself, which\n should not be feeding blank input to helpers. However,\n the ability to exploit the vulnerability in practice\n depends on which helpers are in use. 
Credential helpers\n which are known to trigger the vulnerability: - Git's\n 'store' helper - Git's 'cache' helper - the\n 'osxkeychain' helper that ships in Git's 'contrib'\n directory Credential helpers which are known to be safe\n even with vulnerable versions of Git: - Git Credential\n Manager for Windows Any helper not in this list should\n be assumed to trigger the\n vulnerability.(CVE-2020-11008)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12942ea4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-Git\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"git-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-2.19.1-1.h7.eulerosv2r8\",\n \"git-core-doc-2.19.1-1.h7.eulerosv2r8\",\n \"perl-Git-2.19.1-1.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:52:24", "description": "An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-01-11T16:15:00", "title": "CVE-2018-11008", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11008"], "modified": "2021-01-12T21:48:00", "cpe": [], "id": "CVE-2018-11008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11008", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:36:58", "description": "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 
7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-12T02:15:00", "title": "CVE-2020-14048", "type": "cve", "cwe": ["CWE-306"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14048"], "modified": "2020-06-17T18:16:00", "cpe": ["cpe:/a:zohocorp:manageengine_servicedesk_plus:9.0", "cpe:/a:zohocorp:manageengine_servicedesk_plus:9.4", "cpe:/a:zohocorp:manageengine_servicedesk_plus:11.1", "cpe:/a:zohocorp:manageengine_servicedesk_plus:10.5", "cpe:/a:zohocorp:manageengine_servicedesk_plus:8.2", "cpe:/a:zohocorp:manageengine_servicedesk_plus:9.1", "cpe:/a:zohocorp:manageengine_servicedesk_plus:11.0", "cpe:/a:zohocorp:manageengine_servicedesk_plus:9.2", "cpe:/a:zohocorp:manageengine_servicedesk_plus:9.3", "cpe:/a:zohocorp:manageengine_servicedesk_plus:10.0.0"], "id": "CVE-2020-14048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14048", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*", 
"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*", 
"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*", 
"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*", 
"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*", 
"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2020-10-28T02:16:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0169", "CVE-2016-10739", "CVE-2018-14404", "CVE-2018-14498", "CVE-2018-16890", "CVE-2018-18074", "CVE-2018-18624", "CVE-2018-18751", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20483", "CVE-2018-20657", "CVE-2018-20852", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11070", "CVE-2019-11236", 
"CVE-2019-11324", "CVE-2019-11358", "CVE-2019-11459", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12450", "CVE-2019-12795", "CVE-2019-13232", "CVE-2019-13636", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14822", "CVE-2019-14973", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15718", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-16769", "CVE-2019-17451", "CVE-2019-18408", "CVE-2019-19126", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-3825", "CVE-2019-3843", "CVE-2019-3844", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-5953", "CVE-2019-6237", "CVE-2019-6251", "CVE-2019-6454", "CVE-2019-6706", "CVE-2019-7146", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665", "CVE-2019-8457", "CVE-2019-8506", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8571", "CVE-2019-8583", "CVE-2019-8584", "CVE-2019-8586", "CVE-2019-8587", "CVE-2019-8594", "CVE-2019-8595", "CVE-2019-8596", "CVE-2019-8597", "CVE-2019-8601", "CVE-2019-8607", "CVE-2019-8608", "CVE-2019-8609", "CVE-2019-8610", "CVE-2019-8611", "CVE-2019-8615", "CVE-2019-8619", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8666", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8675", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8679", "CVE-2019-8681", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8689", "CVE-2019-8690", "CVE-2019-8696", "CVE-2019-8726", "CVE-2019-8735", "CVE-2019-8768", "CVE-2020-10531", "CVE-2020-10715", "CVE-2020-10743", "CVE-2020-11008", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11110", "CVE-2020-12049", "CVE-2020-12052", "CVE-2020-12245", "CVE-2020-13822", "CVE-2020-14040", "CVE-2020-14336", "CVE-2020-15366", "CVE-2020-15719", "CVE-2020-1712", "CVE-2020-7013", "CVE-2020-7598", "CVE-2020-7662", "CVE-2020-8203", "CVE-2020-8559", 
"CVE-2020-9283"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard > Table Panel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* 
openshift/console: text injection on error page via crafted url (CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-28T04:36:30", "published": "2020-10-27T18:57:54", "id": "RHSA-2020:4298", "href": "https://access.redhat.com/errata/RHSA-2020:4298", "type": "redhat", "title": "(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-31T10:07:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. 
This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-31T12:41:02", "published": "2020-08-31T12:20:35", "id": "RHSA-2020:3581", "href": "https://access.redhat.com/errata/RHSA-2020:3581", "type": "redhat", "title": "(RHSA-2020:3581) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-28T20:03:39", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14404", "CVE-2018-18074", "CVE-2018-19519", "CVE-2018-20060", "CVE-2018-20337", "CVE-2018-20852", "CVE-2018-7263", "CVE-2018-9251", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-11236", "CVE-2019-11324", "CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-13232", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-14563", "CVE-2019-14822", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-15847", "CVE-2019-16056", "CVE-2019-17451", "CVE-2019-19126", "CVE-2019-19232", "CVE-2019-19807", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-3016", "CVE-2019-3825", "CVE-2019-5094", "CVE-2019-5436", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2020-10749", "CVE-2020-10754", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-11008", "CVE-2020-11080", "CVE-2020-12049", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-12662", "CVE-2020-12663", "CVE-2020-12888", 
"CVE-2020-13777", "CVE-2020-14316", "CVE-2020-8616", "CVE-2020-8617"], "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nSecurity Fix(es):\n\n* kubevirt: VMIs can be used to access host files (CVE-2020-14316)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements.\n\nThis advisory contains the following OpenShift Virtualization 2.4.0 images:\n\nRHEL-7-CNV-2.4\n==============\nkubevirt-ssp-operator-container-v2.4.0-71\n\nRHEL-8-CNV-2.4\n==============\nvirt-cdi-controller-container-v2.4.0-29\nvirt-cdi-uploadproxy-container-v2.4.0-29\nhostpath-provisioner-container-v2.4.0-25\nvirt-cdi-operator-container-v2.4.0-29\nkubevirt-metrics-collector-container-v2.4.0-18\ncnv-containernetworking-plugins-container-v2.4.0-36\nkubevirt-kvm-info-nfd-plugin-container-v2.4.0-18\nhostpath-provisioner-operator-container-v2.4.0-31\nvirt-cdi-uploadserver-container-v2.4.0-29\nvirt-cdi-apiserver-container-v2.4.0-29\nvirt-controller-container-v2.4.0-58\nvirt-cdi-cloner-container-v2.4.0-29\nkubevirt-template-validator-container-v2.4.0-21\nvm-import-operator-container-v2.4.0-21\nkubernetes-nmstate-handler-container-v2.4.0-37\nnode-maintenance-operator-container-v2.4.0-27\nvirt-operator-container-v2.4.0-58\nkubevirt-v2v-conversion-container-v2.4.0-23\ncnv-must-gather-container-v2.4.0-73\nvirtio-win-container-v2.4.0-15\nkubevirt-cpu-node-labeller-container-v2.4.0-19\novs-cni-plugin-container-v2.4.0-37\nkubevirt-vmware-container-v2.4.0-21\nhyperconverged-cluster-operator-container-v2.4.0-70\nvirt-handler-container-v2.4.0-58\nvirt-cdi-importer-container-v2.4.0-29\nvirt-launche
r-container-v2.4.0-58\nkubevirt-cpu-model-nfd-plugin-container-v2.4.0-17\nvirt-api-container-v2.4.0-58\novs-cni-marker-container-v2.4.0-38\nkubemacpool-container-v2.4.0-39\ncluster-network-addons-operator-container-v2.4.0-38\nbridge-marker-container-v2.4.0-39\nvm-import-controller-container-v2.4.0-21\nhco-bundle-registry-container-v2.3.0-497", "modified": "2020-07-28T22:06:05", "published": "2020-07-28T22:02:45", "id": "RHSA-2020:3194", "href": "https://access.redhat.com/errata/RHSA-2020:3194", "type": "redhat", "title": "(RHSA-2020:3194) Important: Container-native Virtualization security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "description": "**Issue Overview:**\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to [CVE-2020-5260 __](<https://access.redhat.com/security/cve/CVE-2020-5260>)(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. 
However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. ([CVE-2020-11008 __](<https://access.redhat.com/security/cve/CVE-2020-11008>))\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. 
However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. ([CVE-2020-5260 __](<https://access.redhat.com/security/cve/CVE-2020-5260>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n git-subtree-2.18.4-2.71.amzn1.i686 \n git-core-2.18.4-2.71.amzn1.i686 \n git-svn-2.18.4-2.71.amzn1.i686 \n git-debuginfo-2.18.4-2.71.amzn1.i686 \n git-2.18.4-2.71.amzn1.i686 \n git-daemon-2.18.4-2.71.amzn1.i686 \n git-instaweb-2.18.4-2.71.amzn1.i686 \n \n noarch: \n emacs-git-el-2.18.4-2.71.amzn1.noarch \n emacs-git-2.18.4-2.71.amzn1.noarch \n git-bzr-2.18.4-2.71.amzn1.noarch \n git-all-2.18.4-2.71.amzn1.noarch \n gitweb-2.18.4-2.71.amzn1.noarch \n git-cvs-2.18.4-2.71.amzn1.noarch \n git-email-2.18.4-2.71.amzn1.noarch \n git-hg-2.18.4-2.71.amzn1.noarch \n perl-Git-SVN-2.18.4-2.71.amzn1.noarch \n git-core-doc-2.18.4-2.71.amzn1.noarch \n git-p4-2.18.4-2.71.amzn1.noarch \n perl-Git-2.18.4-2.71.amzn1.noarch \n \n src: \n git-2.18.4-2.71.amzn1.src \n \n x86_64: \n git-svn-2.18.4-2.71.amzn1.x86_64 \n git-subtree-2.18.4-2.71.amzn1.x86_64 \n git-debuginfo-2.18.4-2.71.amzn1.x86_64 \n git-core-2.18.4-2.71.amzn1.x86_64 \n git-2.18.4-2.71.amzn1.x86_64 \n git-instaweb-2.18.4-2.71.amzn1.x86_64 \n git-daemon-2.18.4-2.71.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-07-28T17:23:00", "published": "2020-07-28T17:23:00", 
"id": "ALAS-2020-1413", "href": "https://alas.aws.amazon.com/ALAS-2020-1413.html", "title": "Important: git", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-06-29T17:48:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-26T00:00:00", "published": "2020-06-26T00:00:00", "id": "OPENVAS:1361412562311220201694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201694", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1694)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1694\");\n script_version(\"2020-06-26T07:27:01+0000\");\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-26 07:27:01 +0000 (Fri, 26 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-26 07:27:01 +0000 (Fri, 26 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1694)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1694\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1694\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2020-1694 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. 
Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. 
Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.19.1~1.h7.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.19.1~1.h7.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-doc\", rpm:\"git-core-doc~2.19.1~1.h7.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~2.19.1~1.h7.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2020-06-04T15:43:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-03T00:00:00", "published": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562311220201598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201598", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1598)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1598\");\n script_version(\"2020-06-03T06:05:28+0000\");\n script_cve_id(\"CVE-2020-11008\", \"CVE-2020-5260\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 06:05:28 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-03 06:05:28 +0000 (Wed, 03 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1598)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1598\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1598\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'git' package(s) announced via the EulerOS-SA-2020-1598 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). 
The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a 'blank' pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's 'store' helper - Git's 'cache' helper - the 'osxkeychain' helper that ships in Git's 'contrib' directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.(CVE-2020-11008)\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external 'credential helper' programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. 
Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the af ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.23.0~1.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core\", rpm:\"git-core~2.23.0~1.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-core-doc\", rpm:\"git-core-doc~2.23.0~1.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~2.23.0~1.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}