Veracode Vulnerability DatabaseVERACODE:18641Privilege Escalation
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Git is vulnerable to privilege escalation attacks. A remote authenticated user could supply a specially crafted repository name to break out of the restricted git-shell and gain elevated privileges on the target system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-git29-git | eq | 2.9.3__2.el6 | |
| git:3.3 | eq | 2.6.6-r0 | |
| git:stretch | eq | 1:2.11.0-3+deb9u7 |
References
lists.opensuse.org/opensuse-updates/2017-05/msg00090.html
public-inbox.org/git/[email protected]/
www.debian.org/security/2017/dsa-3848
www.securityfocus.com/bid/98409
www.securitytracker.com/id/1038479
www.ubuntu.com/usn/USN-3287-1
access.redhat.com/errata/RHSA-2017:2004
access.redhat.com/errata/RHSA-2017:2491
access.redhat.com/security/updates/classification/#important
insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
lists.fedoraproject.org/archives/list/[email protected]/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/
lists.fedoraproject.org/archives/list/[email protected]/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/
lists.fedoraproject.org/archives/list/[email protected]/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/
security.gentoo.org/glsa/201706-04
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P