Lucene search
Veracode Vulnerability DatabaseVERACODE:22208HistoryDec 20, 2019 - 12:15 a.m.
Authorization Bypass
2019-12-2000:15:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.077 Low
EPSS
Percentile
94.2%
git is vulnerable to authorization bypass. The vulnerability exists through the Recursive submodule cloning that allows using git directory twice with synonymous directory name written in .git/.
| CPE | Name | Operator | Version |
|---|---|---|---|
| git | eq | 2.18.1__3.el8 | |
| rh-git218-git | eq | 2.18.1__3.el7 | |
| rh-git218-git | eq | 2.18.1__2.el7 | |
| git:3.11 | eq | 2.24.1-r0 | |
| git:3.7 | eq | 2.15.3-r0 |
References
lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
access.redhat.com/errata/RHSA-2019:4356
access.redhat.com/errata/RHSA-2020:0228
access.redhat.com/security/updates/classification/#important
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349
public-inbox.org/git/[email protected]/
Related
symantec
symantec
redhatcve
redhatcve
mscve
mscve
Git for Visual Studio Remote Code Execution Vulnerability
2019-12-10 08:00:00
mageia
mageia
Updated git packages fix security vulnerabilities
2019-12-15 21:03:05
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0393)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2059-1)
2020-01-24 00:00:00
Debian: Security Advisory (DSA-4581-1)
2019-12-11 00:00:00
redhat
redhat
(RHSA-2020:0228) Important: git security update
2020-01-27 08:04:40
(RHSA-2019:4356) Important: git security update
2019-12-19 18:18:24
(RHSA-2020:0002) Important: rh-git218-git security update
2020-01-02 08:21:54
nessus
nessus
RHEL 7 : rh-git218-git (RHSA-2020:0002)
2023-01-23 00:00:00
Oracle Linux 8 : git (ELSA-2019-4356)
2019-12-23 00:00:00
RHEL 8 : git (RHSA-2019:4356)
2019-12-20 00:00:00
archlinux
archlinux
[ASA-201912-5] libgit2: arbitrary code execution
2019-12-18 00:00:00
[ASA-201912-6] git: arbitrary code execution
2019-12-18 00:00:00
ubuntucve
ubuntucve
alpinelinux
alpinelinux
cvelist
cvelist
osv
osv
CVE-2019-1352
2020-01-24 21:15:12
git - security update
2020-01-06 00:00:00
CVE-2019-1349
2020-01-24 21:15:12
debiancve
debiancve
cve
cve
nvd
nvd
debian
debian
[SECURITY] [DLA 2059-1] git security update
2020-01-23 14:27:34
[SECURITY] [DSA 4581-1] git security update
2019-12-10 19:56:55
[SECURITY] [DSA 4581-1] git security update
2019-12-10 19:56:55
prion
prion
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
kaspersky
kaspersky
KLA11618 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-10 00:00:00
oraclelinux
oraclelinux
git security update
2019-12-19 00:00:00
qualysblog
qualysblog
fedora
fedora
[SECURITY] Fedora 31 Update: libgit2-0.28.4-1.fc31
2019-12-17 01:46:03
[SECURITY] Fedora 31 Update: git-2.24.1-1.fc31
2019-12-18 01:56:26
[SECURITY] Fedora 30 Update: git-2.21.1-1.fc30
2020-01-04 22:16:13
amazon
amazon
altlinux
altlinux
Security fix for the ALT Linux 8 package git version 2.24.1-alt1
2019-12-12 00:00:00
Security fix for the ALT Linux 10 package git version 2.24.1-alt1
2019-12-08 00:00:00
gentoo
gentoo
Git: Multiple vulnerabilities
2020-03-15 00:00:00
ubuntu
ubuntu
Git vulnerabilities
2019-12-10 00:00:00
cloudfoundry
cloudfoundry
USN-4220-1: Git vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
suse
suse
Security update for git (important)
2020-01-29 00:00:00
Security update for git (moderate)
2020-05-02 00:00:00
threatpost
threatpost
Microsoft Zaps Actively Exploited Zero-Day Bug
2019-12-10 21:21:24