CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0005 Low
Percentile: 15.6%

Git is a distributed revision control system. Git prior to versions 2.37.1,
2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 is vulnerable
to privilege escalation on all platforms. An unsuspecting user could still
be affected by the issue reported in CVE-2022-24765, for example when
navigating as root into a shared tmp directory that is owned by them, but
where an attacker could create a git repository. Versions 2.37.1, 2.36.2,
2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this
issue. The simplest way to avoid being affected by the exploit described in
the example is to avoid running git as root (or as an Administrator on
Windows) and, where that is not possible, to reduce its use to a minimum.
While a generic workaround is not possible, a system can be hardened against
the exploit described in the example by removing any such repository if it
already exists and creating one as root to block any future attacks.

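
One way to check for the condition described above before running git in a shared location: walk from a directory up to `/` and report every `.git` entry whose owner is not the expected user. This is an added example, not code from the advisory or the Git project; the helper names `owner_uid` and `audit_git_ancestors` and the optional uid argument are assumptions.

```shell
#!/bin/sh
# Added example: report .git entries in a directory or any of its ancestors
# whose owner differs from the expected uid (default: the invoking user).
# audit_git_ancestors is a hypothetical helper name, not a git command.

# owner_uid PATH -> numeric uid of PATH itself (POSIX ls, symlinks not followed)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# audit_git_ancestors START_DIR [EXPECTED_UID]
# Prints one line per finding: "<path> owner=<uid> expected=<uid>".
# Returns 0 if nothing was reported, 1 if something was, 2 on a bad START_DIR.
audit_git_ancestors() {
    dir=$(cd -- "$1" 2>/dev/null && pwd -P) || return 2
    expected=${2:-$(id -u)}
    found=0
    while :; do
        candidate="${dir%/}/.git"
        # -e matches a .git directory or file; -L also catches dangling symlinks
        if [ -e "$candidate" ] || [ -L "$candidate" ]; then
            uid=$(owner_uid "$candidate")
            if [ "$uid" != "$expected" ]; then
                printf '%s owner=%s expected=%s\n' "$candidate" "$uid" "$expected"
                found=1
            fi
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")
    done
    return "$found"
}
```

Run as root with a shared directory as the argument, any line of output names a `.git` entry that root did not create and that should be reviewed before git is used there.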
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | git | < 1:2.17.1-1ubuntu0.12 | UNKNOWN |
ubuntu | 20.04 | noarch | git | < 1:2.25.1-1ubuntu3.5 | UNKNOWN |
ubuntu | 21.10 | noarch | git | < 1:2.32.0-1ubuntu1.3 | UNKNOWN |
ubuntu | 22.04 | noarch | git | < 1:2.34.1-1ubuntu1.4 | UNKNOWN |
ubuntu | 22.10 | noarch | git | < 1:2.36.1-1ubuntu2 | UNKNOWN |
ubuntu | 23.04 | noarch | git | < 1:2.36.1-1ubuntu2 | UNKNOWN |
ubuntu | 23.10 | noarch | git | < 1:2.36.1-1ubuntu2 | UNKNOWN |
ubuntu | 16.04 | noarch | git | < any | UNKNOWN |