CVSS3: 7.8 High
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules
file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules
command. This is related to CVE-2018-11235.

CPE
Name | Operator | Version |
---|---|---|
git | eq | 1.8.3.1__13.el7 |
rh-git29-git | eq | 2.9.3__3.el7 |
rh-git29-git | eq | 2.9.3__3.el6 |
rh-git29-git | eq | 2.9.3__2.el6 |
git:3.6 | eq | 2.13.7-r2 |

lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
www.securityfocus.com/bid/104345
www.securitytracker.com/id/1040991
access.redhat.com/errata/RHSA-2018:1957
access.redhat.com/errata/RHSA-2018:2147
access.redhat.com/security/updates/classification/#important
blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
marc.info/?l=git&m=152761328506724&w=2
security.gentoo.org/glsa/201805-13
usn.ubuntu.com/3671-1/
www.debian.org/security/2018/dsa-4212
www.exploit-db.com/exploits/44822/