Lucene search
HashiCorpVULNRICHMENT:CVE-2024-6257HistoryJun 25, 2024 - 4:31 p.m.
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
2024-06-2516:31:03
CWE-77
HashiCorp
github.com
1
hashicorp
go-getter
git update
code execution
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Shared library",
"repo": "https://github.com/hashicorp/go-getter",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
CGA-grwc-xwh5-vfhw
2024-06-26 12:04:24
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
2024-06-25 18:31:22
CGA-p58v-7jgp-wxgq
2024-06-26 12:04:27
nvd
nvd
CVE-2024-6257
2024-06-25 17:15:10
redhatcve
redhatcve
CVE-2024-6257
2024-06-25 19:21:11
wolfi
wolfi
CVE-2024-6257 vulnerabilities
2024-07-06 03:08:40
github
github
debiancve
debiancve
CVE-2024-6257
2024-06-25 17:15:10
ubuntucve
ubuntucve
CVE-2024-6257
2024-06-25 00:00:00
cve
cve
CVE-2024-6257
2024-06-25 17:15:10
cvelist
cvelist
veracode
veracode
Command Injection
2024-06-26 06:23:22
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-6257