Source: Ubuntu.com (ubuntucve), ID UB:CVE-2023-4759
Published: Sep 12, 2023 - 12:00 a.m.

CVE-2023-4759

arbitrary file overwrite
eclipse jgit 6.6.0
remote code execution
symbolic links
case-insensitive filesystems

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9
Confidence: High

EPSS: 0.002
Percentile: 58.0%

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0

In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link
present in a specially crafted git repository can be used to write a file to
locations outside the working tree when this repository is cloned with JGit
to a case-insensitive filesystem, or when a checkout from a clone of such a
repository is performed on a case-insensitive filesystem.

This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its
WorkingTreeUpdater), pull (PullCommand using merge), and when applying a
patch (PatchApplier). This can be exploited for remote code execution (RCE),
for instance if the file written outside the working tree is a git filter
that gets executed on a subsequent git command.

The issue occurs only on case-insensitive filesystems, like the default
filesystems on Windows and macOS. The user performing the clone or checkout
must have the rights to create symbolic links for the problem to occur, and
symbolic links must be enabled in the git configuration. Setting git
configuration option core.symlinks = false before checking out avoids the
problem.

The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and
6.7.0.202309050840-r, available via Maven Central
(https://repo1.maven.org/maven2/org/eclipse/jgit/) and repo.eclipse.org
(https://repo.eclipse.org/content/repositories/jgit-releases/). A backport
is available in 5.13.3 starting from 5.13.3.202401111512-r.

The JGit maintainers would like to thank RyotaK for finding and reporting
this issue.
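
The three preconditions in the description (an affected release, a case-insensitive filesystem, symbolic links enabled) can be combined into a triage check. This is an added example, not code from the JGit project or from the advisory: the function names are hypothetical, only `-r` release version strings are handled, and treating an unset core.symlinks as enabled is a conservative assumption.

```python
import os
import re
import tempfile

# Fixed releases named in the advisory: (major, minor, micro, build timestamp).
FIXED_5_13 = (5, 13, 3, 202401111512)  # backport on the 5.13 line
FIXED_MAIN = (6, 6, 1, 202309021850)   # 6.7.0.202309050840-r sorts above this

def parse_version(text):
    """Parse a JGit release version such as '6.6.0.202305301015-r'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d{12})-r", text.strip())
    if not m:
        raise ValueError(f"not a JGit release version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if the release predates the fix on its release line."""
    v = parse_version(version)
    fixed = FIXED_5_13 if v[:2] == (5, 13) else FIXED_MAIN
    return v < fixed

def is_case_insensitive(directory=None):
    """Probe a directory: create a lowercase name, look it up in upper case."""
    with tempfile.NamedTemporaryFile(prefix="jgitchk_", dir=directory) as f:
        head, name = os.path.split(f.name)
        return os.path.exists(os.path.join(head, name.upper()))

def symlinks_enabled(core_symlinks):
    """Interpret a core.symlinks value; unset (None) is assumed enabled."""
    if core_symlinks is None:
        return True
    return core_symlinks.strip().lower() in ("true", "yes", "on", "1")

def exposed(version, case_insensitive, core_symlinks):
    """All three preconditions from the advisory must hold."""
    return (is_affected(version) and case_insensitive
            and symlinks_enabled(core_symlinks))

if __name__ == "__main__":
    # Constructed sample: last affected release, local temp dir, symlinks unset.
    print(exposed("6.6.0.202305301015-r", is_case_insensitive(), None))
```

Pass the directory that will hold the working tree to `is_case_insensitive`, since case sensitivity can differ per volume or mount.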

Notes

Author Note
Priority reason: As per the CVE description, this issue only occurs in case-insensitive filesystems, and Ubuntu’s filesystem is case sensitive.
