Veracode Vulnerability Database: VERACODE:43336
History: Sep 21, 2023 - 11:12 a.m.

Arbitrary File Overwrite

sca.analysiscenter.veracode.com
Tags: arbitrary file overwrite, vulnerable, symbolic link, git repository, jgit, cloned repository, case-insensitive filesystem, windows, macos

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.002
Percentile: 58.0%

org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. A symbolic link in a specially crafted git repository can be used to write a file to a location outside the working tree when that repository is cloned with JGit onto a case-insensitive filesystem, such as the default filesystems on Windows and macOS (NTFS, and APFS/HFS+ volumes in their default case-insensitive configuration; a macOS volume formatted case-sensitive does not fold names). Any service or build pipeline that clones untrusted repositories with JGit on such a filesystem is exposed, since the only precondition the advisory names is that the crafted repository is cloned.
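An added illustration of the write-path problem the description covers, written for this page in Python and not taken from JGit or the advisory: it models a git tree in which a symlink's name differs only by case from a directory that holds a regular file, and computes where a checkout would write that file on a case-insensitive versus a case-sensitive filesystem. The entry names, link target and worktree path are constructed for the demo; the model follows only what the description states (a symlink plus case folding lets a write land outside the working tree). The last function shows the general hardening policy of refusing to write any entry whose ancestor directory is a symlink, whatever the link target.

```python
"""Pre-checkout audit for symlink/case-folding collisions in a git tree.

Added illustration, not JGit code: models where a naive checkout would write
each tree entry when a symlink's name collides (under case folding) with a
directory prefix of another entry.  Entry names and the worktree path are
constructed for the demo.
"""
import posixpath

MODE_FILE = 0o100644      # regular blob in a git tree
MODE_SYMLINK = 0o120000   # symlink blob; its content is the link target

# Constructed sample tree (hypothetical names): the symlink "link" points
# above the worktree, and "LINK/payload.txt" differs from it only by case.
SAMPLE_TREE = [
    ("link", MODE_SYMLINK, "../../escape"),
    ("LINK/payload.txt", MODE_FILE, None),
    ("README.md", MODE_FILE, None),
]


def fold(path, case_insensitive):
    """Name comparison key: a case-insensitive filesystem collapses case."""
    return path.lower() if case_insensitive else path


def resolve_write_path(worktree, entry_path, symlinks, case_insensitive):
    """Return the on-disk path a checkout of entry_path would write to.

    symlinks maps fold(symlink_path) -> target.  Walking the directory
    prefixes of entry_path, any prefix that names a symlink redirects the
    remaining components to the link target, as the OS does when the
    checkout opens the file through that directory.
    """
    parts = entry_path.split("/")
    current = posixpath.normpath(worktree)
    for i, part in enumerate(parts):
        prefix = "/".join(parts[: i + 1])
        target = symlinks.get(fold(prefix, case_insensitive))
        if target is not None and i < len(parts) - 1:
            # A directory component is really a symlink: follow it.
            if target.startswith("/"):
                current = target
            else:
                current = posixpath.normpath(posixpath.join(current, target))
        else:
            current = posixpath.join(current, part)
    return posixpath.normpath(current)


def audit_tree(entries, worktree="/home/user/repo", case_insensitive=True):
    """List (entry, destination) pairs whose write lands outside worktree."""
    root = posixpath.normpath(worktree)
    symlinks = {fold(p, case_insensitive): t
                for p, mode, t in entries if mode == MODE_SYMLINK}
    findings = []
    for path, mode, _ in entries:
        if mode == MODE_SYMLINK:
            continue
        dest = resolve_write_path(root, path, symlinks, case_insensitive)
        if dest != root and not dest.startswith(root + "/"):
            findings.append((path, dest))
    return findings


def entries_through_symlinks(entries, case_insensitive=True):
    """Hardened policy: flag every entry that has a symlink ancestor under
    the filesystem's name folding, regardless of where the link points,
    because the target may differ on the next host or be rewritten later
    in the same checkout."""
    symlinks = {fold(p, case_insensitive)
                for p, mode, _ in entries if mode == MODE_SYMLINK}
    flagged = []
    for path, mode, _ in entries:
        parts = path.split("/")
        prefixes = ("/".join(parts[: i + 1]) for i in range(len(parts) - 1))
        if any(fold(pre, case_insensitive) in symlinks for pre in prefixes):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for ci in (True, False):
        label = "case-insensitive" if ci else "case-sensitive"
        print(label, audit_tree(SAMPLE_TREE, case_insensitive=ci))
    print("entries written through a symlink:",
          entries_through_symlinks(SAMPLE_TREE))
```

On the case-insensitive model the file `LINK/payload.txt` resolves to `/home/escape/payload.txt`, outside the assumed worktree, while the same tree checked out case-sensitively stays inside it. The audit keyed on link targets is only as good as the targets it sees; the ancestor-symlink policy is the one to apply when checking out untrusted repositories, since it needs no knowledge of where the links point.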

Affected configurations

Vulners node: jgit_-_core (vendor "-"), Range: 6.6.0.202305301015-r
Vendor: - | Product: jgit_-_core | Version: * | CPE: cpe:2.3:a:-:jgit_-_core:*:*:*:*:*:*:*:*
