CVSS3 score: 7.8 (High)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.004 (Low), percentile 75.0%
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.), this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
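One way to do the inspection the workaround calls for, as an added example that is not part of this advisory or of Git itself: a small Python script that parses `.gitmodules` and a repository's `$GIT_DIR/config` with git-config syntax, flags submodule URLs over the 1024-character limit the advisory names, and flags repo-local settings of the command-running keys it lists (`core.pager`, `core.editor`, `core.sshCommand`). The parser, the sample inputs and the heuristic are constructed for this example.

```python
import re

# Keys the advisory names as leading to code execution when injected into
# a repository's $GIT_DIR/config (compared case-insensitively).
EXEC_KEYS = {"core.pager", "core.editor", "core.sshcommand"}
URL_LIMIT = 1024  # URL length the advisory identifies as triggering the bug
SECTION_RE = re.compile(r'^\[([^\s"\]]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')

def parse_git_config(text):
    """Minimal git-config parser: yields (section, subsection, key, value) tuples."""
    entries, section, subsection = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # git indents keys with tabs; strip them first
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2)
            continue
        key, _, value = line.partition("=")  # a bare key means "true"
        entries.append((section, subsection, key.strip().lower(), value.strip()))
    return entries

def long_submodule_urls(gitmodules_text, limit=URL_LIMIT):
    """Submodule names in a .gitmodules file whose URL exceeds the limit."""
    return [(sub, len(val)) for sec, sub, key, val in parse_git_config(gitmodules_text)
            if sec == "submodule" and key == "url" and len(val) > limit]

def injected_exec_keys(config_text):
    """Command-running keys set in a repo-local config (heuristic: a clone should not set these)."""
    return [(f"{sec}.{key}", val) for sec, sub, key, val in parse_git_config(config_text)
            if sub is None and f"{sec}.{key}" in EXEC_KEYS]

# Constructed sample inputs (not contents of any real repository).
SAMPLE_GITMODULES = ('[submodule "lib"]\n\turl = https://example.invalid/' + "a" * 1100 + "\n"
                     '[submodule "docs"]\n\turl = https://example.invalid/docs.git\n')
SAMPLE_CONFIG = '[core]\n\tpager = some-command\n[submodule "docs"]\n\turl = https://example.invalid/docs.git\n'

if __name__ == "__main__":
    for name, n in long_submodule_urls(SAMPLE_GITMODULES):
        print(f"submodule {name!r}: url is {n} chars (> {URL_LIMIT})")
    for key, val in injected_exec_keys(SAMPLE_CONFIG):
        print(f"repo-local config sets {key} = {val!r}")
```

To use it on a real checkout, read `.gitmodules` from the working tree and `config` from `$GIT_DIR` and pass their contents to the two functions before running `git submodule deinit`.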
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | git | < 1:2.17.1-1ubuntu0.18 | UNKNOWN |
ubuntu | 20.04 | noarch | git | < 1:2.25.1-1ubuntu3.11 | UNKNOWN |
ubuntu | 22.04 | noarch | git | < 1:2.34.1-1ubuntu1.9 | UNKNOWN |
ubuntu | 22.10 | noarch | git | < 1:2.37.2-1ubuntu1.5 | UNKNOWN |
ubuntu | 23.04 | noarch | git | < 1:2.39.2-1ubuntu1.1 | UNKNOWN |
ubuntu | 16.04 | noarch | git | < 1:2.7.4-0ubuntu1.10+esm7 | UNKNOWN |