Lucene search
Cloud FoundryCFOUNDRY:69CE057373E45B8B47E6145E42562370HistoryMay 26, 2017 - 12:00 a.m.
USN-3287-1: Git vulnerability | Cloud Foundry
2017-05-2600:00:00
Cloud Foundry
www.cloudfoundry.org
20
0.002 Low
EPSS
Percentile
60.8%
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.120.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.120.0 or later.
References
Related
debian
debian
[SECURITY] [DLA 938-1] git security update
2017-05-10 19:56:02
[SECURITY] [DSA 3848-1] git security update
2017-05-10 06:41:40
[SECURITY] [DSA 3848-1] git security update
2017-05-10 06:41:40
nessus
nessus
Debian DSA-3848-1 : git - security update
2017-05-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3287-1)
2017-05-16 00:00:00
Debian DLA-938-1 : git security update
2017-05-11 00:00:00
prion
prion
Code injection
2017-06-01 16:29:00
openvas
openvas
Fedora Update for git FEDORA-2017-f4319b6dfc
2017-05-15 00:00:00
Debian Security Advisory DSA 3848-1 (git - security update)
2017-05-10 00:00:00
Fedora Update for git FEDORA-2017-01a7989fc0
2017-05-28 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: git-2.7.5-1.fc24
2017-05-28 03:57:33
[SECURITY] Fedora 26 Update: git-2.13.0-1.fc26
2017-05-14 20:24:52
[SECURITY] Fedora 25 Update: git-2.9.4-1.fc25
2017-05-15 04:44:36
alpinelinux
alpinelinux
CVE-2017-8386
2017-06-01 16:29:00
redhatcve
redhatcve
CVE-2017-8386
2017-05-12 12:49:10
osv
osv
git - security update
2017-05-10 00:00:00
git - security update
2017-05-10 00:00:00
CVE-2017-8386
2017-06-01 16:29:00
veracode
veracode
Privilege Escalation
2019-05-02 06:45:20
archlinux
archlinux
[ASA-201705-14] git: access restriction bypass
2017-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2017-8386
2017-05-10 00:00:00
gentoo
gentoo
Git: Security bypass
2017-06-06 00:00:00
seebug
seebug
Git Shell Bypass By Abusing Less (CVE-2017-8386)
2017-05-11 00:00:00
nvd
nvd
CVE-2017-8386
2017-06-01 16:29:00
ubuntu
ubuntu
Git vulnerability
2017-05-15 00:00:00
amazon
amazon
Medium: git
2017-06-06 17:07:00
mageia
mageia
Updated git packages fix security vulnerability
2017-06-04 02:35:54
cve
cve
CVE-2017-8386
2017-06-01 16:29:00
altlinux
altlinux
Security fix for the ALT Linux 8 package git version 2.10.3-alt1
2017-05-11 00:00:00
Security fix for the ALT Linux 10 package git version 2.10.3-alt1
2017-05-11 00:00:00
debiancve
debiancve
CVE-2017-8386
2017-06-01 16:29:00
cvelist
cvelist
CVE-2017-8386
2017-06-01 16:00:00
redhat
redhat
(RHSA-2017:2491) Important: rh-git29-git security update
2017-08-17 21:33:27
(RHSA-2017:2004) Moderate: git security and bug fix update
2017-08-01 05:57:16
centos
centos
emacs, git, gitk, gitweb, perl security update
2017-08-24 01:37:18
ibm
ibm
Security Bulletin: Vulnerabilities in git affect PowerKVM
2018-06-18 01:38:04
oraclelinux
oraclelinux
git security and bug fix update
2017-08-07 00:00:00