CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.0%
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all
versions <= 6.6.0.202305301015-r, a symbolic link present in a specially
crafted git repository can be used to write a file to locations outside the
working tree when this repository is cloned with JGit to a case-insensitive
filesystem, or when a checkout from a clone of such a repository is
performed on a case-insensitive filesystem. This can happen on checkout
(DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull
(PullCommand using merge), and when applying a patch (PatchApplier). This
can be exploited for remote code execution (RCE), for instance if the file
written outside the working tree is a git filter that gets executed on a
subsequent git command. The issue occurs only on case-insensitive
filesystems, like the default filesystems on Windows and macOS. The user
performing the clone or checkout must have the rights to create symbolic
links for the problem to occur, and symbolic links must be enabled in the
git configuration. Setting git configuration option core.symlinks = false
before checking out avoids the problem. The issue was fixed in Eclipse JGit
version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven
Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and
repo.eclipse.org
https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport
is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit
maintainers would like to thank RyotaK for finding and reporting this
issue.
Author | Note |
---|---|
Priority reason: As per the CVE description, this issue only occurs in case-insensitive filesystems, and Ubuntu’s filesystem is case sensitive. |
git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1
git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
launchpad.net/bugs/cve/CVE-2023-4759
nvd.nist.gov/vuln/detail/CVE-2023-4759
projects.eclipse.org/projects/technology.jgit/releases/6.6.1
security-tracker.debian.org/tracker/CVE-2023-4759
www.cve.org/CVERecord?id=CVE-2023-4759
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.0%