Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:926CF3F800861FCA5C7C29329B1991E8
HistoryApr 04, 2017 - 12:00 a.m.

USN-3243-1: Git vulnerability | Cloud Foundry

2017-04-0400:00:00
Cloud Foundry
www.cloudfoundry.org
25

0.008 Low

EPSS

Percentile

81.5%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.111.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.111.0 or later.

References

Related

cvelist 1
ubuntu 1
nvd 1
nessus 8
cve 1
prion 1
openvas 5
ubuntucve 1
debiancve 1
redhat 1
centos 1
ibm 1
oraclelinux 1
cvelist
cvelist
CVE-2014-9938
2017-03-20 00:00:00
ubuntu
ubuntu
Git vulnerability
2017-03-23 00:00:00
nvd
nvd
CVE-2014-9938
2017-03-20 00:59:00
nessus
nessus
Ubuntu 14.04 LTS : Git vulnerability (USN-3243-1)
2017-03-24 00:00:00
Oracle Linux 7 : git (ELSA-2017-2004)
2017-08-09 00:00:00
RHEL 7 : git (RHSA-2017:2004)
2017-08-02 00:00:00
cve
cve
CVE-2014-9938
2017-03-20 00:59:00
prion
prion
Design/Logic Flaw
2017-03-20 00:59:00
openvas
openvas
Ubuntu: Security Advisory (USN-3243-1)
2017-03-24 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2017-1187)
2020-01-23 00:00:00
RedHat Update for git RHSA-2017:2004-01
2017-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2014-9938
2017-03-19 00:00:00
debiancve
debiancve
CVE-2014-9938
2017-03-20 00:59:00
redhat
redhat
(RHSA-2017:2004) Moderate: git security and bug fix update
2017-08-01 05:57:16
centos
centos
emacs, git, gitk, gitweb, perl security update
2017-08-24 01:37:18
ibm
ibm
Security Bulletin: Vulnerabilities in git affect PowerKVM
2018-06-18 01:38:04
oraclelinux
oraclelinux
git security and bug fix update
2017-08-07 00:00:00

0.008 Low

EPSS

Percentile

81.5%

JSON
Related for CFOUNDRY:926CF3F800861FCA5C7C29329B1991E8
cvelist1ubuntu1nvd1nessus8cve1prion1openvas5ubuntucve1debiancve1redhat1centos1ibm1oraclelinux1