CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 33.2%

libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default, which exposes the connection to a man-in-the-middle attack.

CPE

Name | Operator | Version
---|---|---
libgit2:3.17 | eq | 1.5.0-r2

www.openwall.com/lists/oss-security/2023/11/06/5
github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56
github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea
github.com/libgit2/libgit2/releases/tag/v1.4.5
github.com/libgit2/libgit2/releases/tag/v1.5.1
github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
secdb.alpinelinux.org/v3.17/community.yaml
www.libssh2.org