what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2022-39253

Status Candidate

Overview

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.

Related Files

Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
Red Hat Security Advisory 2023-2859-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2859-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260
SHA-256 | 5972862db2b99cd76fbd52618d485ef63597c8d8a998aba739b194b445e06598
Red Hat Security Advisory 2023-2319-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2319-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260
SHA-256 | 2098c73a1f8398640e4aea36237386bb82d33a6b03b5e3b2b5cb62059184e459
Ubuntu Security Notice USN-5686-4
Posted Mar 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5686-4 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-39253
SHA-256 | 93b68810ab10025c233c7cd0129438f78a84102fc34e3ae4a3e7d59d71e2b8de
Debian Security Advisory 5332-1
Posted Jan 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

tags | advisory, remote, arbitrary, shell, local, code execution
systems | linux, debian
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903
SHA-256 | da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641d
Ubuntu Security Notice USN-5686-3
Posted Nov 21, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-39253, CVE-2022-39260
SHA-256 | ee6b56d4f6035bcabf57319cafc39810937a6a150e50bbd6feb67edb93813e2e
Apple Security Advisory 2022-11-01-1
Posted Nov 8, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-11-01-1 - Xcode 14.1 addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-42797
SHA-256 | 283ad9d8171efece3850247f493b6534fc49e5c0a1da52d7fc3564099bd20c39
Ubuntu Security Notice USN-5686-1
Posted Oct 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2022-39253, CVE-2022-39260
SHA-256 | c699a9bd555fb4922c18021b0fbfc11f65ddedf4fd6d1d4bb837d79ba1110921
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close