Lucene search
GitHub_MCVE-2023-23946HistoryFeb 14, 2023 - 8:15 p.m.
CVE-2023-23946
2023-02-1420:15:17
CWE-22
GitHub_M
web.nvd.nist.gov
310
git
vulnerability
path traversal
security
nvd
cve-2023-23946
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
45.7%
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use git apply --stat to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
Affected configurations
Node
git-scmgitRange<2.30.8
ORgit-scmgitRange2.31.0–2.31.7
ORgit-scmgitRange2.32.0–2.32.6
ORgit-scmgitRange2.33.0–2.33.7
ORgit-scmgitRange2.34.0–2.34.7
ORgit-scmgitRange2.35.0–2.35.7
ORgit-scmgitRange2.36.0–2.36.5
ORgit-scmgitRange2.37.0–2.37.6
ORgit-scmgitRange2.38.0–2.38.4
ORgit-scmgitRange2.39.0–2.39.2
CNA Affected
[
{
"vendor": "git",
"product": "git",
"versions": [
{
"version": ">= 2.39.0, < 2.39.2",
"status": "affected"
},
{
"version": ">= 2.38.0, < 2.38.4",
"status": "affected"
},
{
"version": ">= 2.37.0, < 2.37.6",
"status": "affected"
},
{
"version": ">= 2.36.0, < 2.36.5",
"status": "affected"
},
{
"version": ">= 2.35.0, < 2.35.7",
"status": "affected"
},
{
"version": ">= 2.34.0, < 2.34.7",
"status": "affected"
},
{
"version": ">= 2.33.0, < 2.33.7",
"status": "affected"
},
{
"version": ">= 2.32.0, < 2.32.6",
"status": "affected"
},
{
"version": ">= 2.31.0, < 2.31.7",
"status": "affected"
},
{
"version": "< 2.30.8",
"status": "affected"
}
]
}
]Related
cbl_mariner
cbl_mariner
CVE-2023-23946 affecting package git 2.33.6-1
2023-03-16 03:39:40
nessus
nessus
FreeBSD : git -- git apply overwriting paths outside the working tree (21f12de8-b1db-11ed-b0f4-002590f2a714)
2023-02-21 00:00:00
GitLab 0.0 < 15.6.8 / 15.7 < 15.7.7 / 15.8 < 15.8.2 (CVE-2023-23946)
2023-02-24 00:00:00
Amazon Linux AMI : git (ALAS-2023-1700)
2023-03-07 00:00:00
nvd
nvd
CVE-2023-23946
2023-02-14 20:15:17
ubuntucve
ubuntucve
CVE-2023-23946
2023-02-14 00:00:00
prion
prion
Path traversal
2023-02-14 20:15:00
osv
osv
CGA-8pcc-f78r-q8h2
2024-06-06 12:25:15
CVE-2023-23946
2023-02-14 20:15:17
git - security update
2023-02-23 00:00:00
redhatcve
redhatcve
CVE-2023-23946
2023-02-17 15:59:20
mscve
mscve
GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability
2023-03-14 07:00:00
debiancve
debiancve
CVE-2023-23946
2023-02-14 20:15:17
veracode
veracode
Path Traversal
2023-02-15 05:26:54
alpinelinux
alpinelinux
CVE-2023-23946
2023-02-14 20:15:17
cgr
cgr
CVE-2023-23946 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-23946 Git's `git apply` overwriting paths outside the working tree
2023-02-14 19:48:00
githubexploit
githubexploit
Exploit for Path Traversal in Git-Scm Git
2023-09-07 10:07:25
freebsd
freebsd
git -- "git apply" overwriting paths outside the working tree
2023-02-14 00:00:00
wolfi
wolfi
CVE-2023-23946 vulnerabilities
2024-09-28 21:12:41
fedora
fedora
[SECURITY] Fedora 37 Update: git-2.39.2-1.fc37
2023-02-16 02:06:58
[SECURITY] Fedora 36 Update: git-2.39.2-1.fc36
2023-02-22 11:10:29
openvas
openvas
Debian: Security Advisory (DSA-5357-1)
2023-02-24 00:00:00
openSUSE: Security Advisory for git (SUSE-SU-2023:0430-1)
2024-03-04 00:00:00
Fedora: Security Advisory for git (FEDORA-2023-5b372318ff)
2023-02-17 00:00:00
kaspersky
kaspersky
KLA20236 Multiple vulnerabilities in Git for Windows
2023-02-14 00:00:00
KLA48555 Multiple vulnerabilities in Microsoft Developer Tools
2023-03-14 00:00:00
debian
debian
[SECURITY] [DLA 3338-1] git security update
2023-02-23 17:05:47
[SECURITY] [DSA 5357-1] git security update
2023-02-23 06:31:03
ubuntu
ubuntu
Git vulnerabilities
2023-02-14 00:00:00
cloudfoundry
cloudfoundry
USN-5871-1: Git vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
redos
redos
ROS-20230322-03
2023-03-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.33.7-alt1
2023-02-20 00:00:00
github
github
Git security vulnerabilities announced
2023-02-14 18:45:56
mageia
mageia
Updated git packages fix security vulnerability
2023-02-27 23:27:16
amazon
amazon
Medium: git
2023-03-02 20:22:00
Medium: git
2023-03-02 22:36:00
slackware
slackware
[slackware-security] git
2023-02-15 19:51:52
cloudlinux
cloudlinux
git: Fix of 4 CVEs
2023-02-24 09:34:40
oraclelinux
oraclelinux
git security update
2023-05-24 00:00:00
git security update
2023-05-23 00:00:00
redhat
redhat
(RHSA-2023:3245) Important: git security update
2023-05-22 06:38:10
(RHSA-2023:3246) Important: git security update
2023-05-22 06:38:12
(RHSA-2024:0407) Moderate: git security update
2024-01-24 14:40:19
rocky
rocky
git security update
2023-05-25 02:36:20
almalinux
almalinux
Important: git security update
2023-05-22 00:00:00
Important: git security update
2023-05-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2292
2023-11-14 13:25:27
Advisory ROSA-SA-2024-2398
2024-04-11 08:08:00
gentoo
gentoo
Git: Multiple Vulnerabilities
2023-12-27 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2023
2023-03-14 23:46:44
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
45.7%
Related for CVE-2023-23946