7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
git is vulnerable to information disclosure. A malicious URL containing new lines, empty host or lacks a scheme can cause credential leak.
lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
seclists.org/fulldisclosure/2020/May/41
access.redhat.com/errata/RHSA-2020:1975
access.redhat.com/security/updates/classification/#important
github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282
github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
lists.debian.org/debian-lts-announce/2020/04/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/
lists.fedoraproject.org/archives/list/[email protected]/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/
lists.fedoraproject.org/archives/list/[email protected]/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/
security.gentoo.org/glsa/202004-13
support.apple.com/kb/HT211183
usn.ubuntu.com/4334-1/
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N