ID

VAR-202204-0692


CVE

CVE-2022-24765


TITLE

Git for Windows  Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009728

DESCRIPTION

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. Git for Windows Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5376-1 April 12, 2022 git vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Git could be made to run arbitrary commands in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: git 1:2.32.0-1ubuntu1.1 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.3 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.10 In general, a standard system update will make all the necessary changes. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell. This update includes two changes of behavior that may affect certain setup: - It stops when directory traversal changes ownership from the current user while looking for a top-level git directory, a user could make an exception by using the new safe.directory configuration. - The default of protocol.file.allow has been changed from "always" to "user". For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1. We recommend that you upgrade your git packages. For the detailed security status of git please refer to its security tracker page at: https://security-tracker.debian.org/tracker/git Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv 2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuK XxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFs qHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xi dn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkR HYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aV EI1gHfi7qbZ3+b+nxEa9CTvap0d8QA== =Vh4D -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Background ========== Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Affected packages ================= Package Vulnerable Unaffected ----------- ------------ ------------ dev-vcs/git < 2.39.3 >= 2.39.3 Description =========== Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Git users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3" References ========== [ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202312-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0407.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2319-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319 Issue date: 2023-05-09 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary: An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765) * git: Bypass of safe.directory protections (CVE-2022-29187) * git: exposure of sensitive information to a malicious actor (CVE-2022-39253) * git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: git-2.39.1-1.el9.src.rpm aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD cV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T SU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa R+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo IIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf pjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz kqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O 6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK wWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg xsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz afQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds hOpSLJjOLjE=YQQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2022-24765 // JVNDB: JVNDB-2022-009728 // VULHUB: VHN-414584 // VULMON: CVE-2022-24765 // PACKETSTORM: 167744 // PACKETSTORM: 166705 // PACKETSTORM: 170787 // PACKETSTORM: 176313 // PACKETSTORM: 176728 // PACKETSTORM: 172366 // PACKETSTORM: 172210

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:37

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.35.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:13.4

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:アップルmodel:xcodescope: - version: -

Trust: 0.8

vendor:git scmmodel:gitscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009728 // NVD: CVE-2022-24765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24765
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2022-24765
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-24765
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-2943
value: HIGH

Trust: 0.6

VULHUB: VHN-414584
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-24765
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-24765
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-414584
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-24765
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security-advisories@github.com: CVE-2022-24765
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-24765
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-414584 // VULMON: CVE-2022-24765 // JVNDB: JVNDB-2022-009728 // CNNVD: CNNVD-202204-2943 // NVD: CVE-2022-24765 // NVD: CVE-2022-24765

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [ others ]

Trust: 0.8

sources: VULHUB: VHN-414584 // JVNDB: JVNDB-2022-009728 // NVD: CVE-2022-24765

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2943

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-2943

PATCH

title:Uncontrolled search for the Git directory in Git for Windows Apple Apple Security Updatesurl:https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 0.8

title:Git for Windows Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=190447

Trust: 0.6

title:Ubuntu Security Notice: USN-5511-1: Git vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5511-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1589url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1589

Trust: 0.1

title:Debian CVElist Bug Report Logs: git: CVE-2022-29187url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=31324a5ad54489fd6559d515d47be3cb

Trust: 0.1

title:Red Hat: Moderate: git security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20232319 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: git security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20232859 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1810url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1810

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-24765

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-067url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-067

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-236url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-236

Trust: 0.1

title:act-fail-exampleurl:https://github.com/makiuchi-d/act-fail-example

Trust: 0.1

title:https://github.com/hdclark/Ygorurl:https://github.com/hdclark/Ygor

Trust: 0.1

title:JDim - 2ch browser for linuxurl:https://github.com/JDimproved/JDim

Trust: 0.1

title:BISDN Linux build systemurl:https://github.com/bisdn/bisdn-linux

Trust: 0.1

title:Table of Contents Introduction GitHub Useful linksurl:https://github.com/davetang/getting_started_with_git

Trust: 0.1

title:https://github.com/9069332997/session-1-full-stackurl:https://github.com/9069332997/session-1-full-stack

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/04/13/git_vuln/

Trust: 0.1

sources: VULMON: CVE-2022-24765 // JVNDB: JVNDB-2022-009728 // CNNVD: CNNVD-202204-2943

EXTERNAL IDS

db:NVDid:CVE-2022-24765

Trust: 4.1

db:OPENWALLid:OSS-SECURITY/2022/04/12/7

Trust: 1.8

db:PACKETSTORMid:167744

Trust: 0.8

db:PACKETSTORMid:170787

Trust: 0.8

db:JVNDBid:JVNDB-2022-009728

Trust: 0.8

db:PACKETSTORMid:167204

Trust: 0.7

db:PACKETSTORMid:166705

Trust: 0.7

db:CS-HELPid:SB2022061215

Trust: 0.6

db:CS-HELPid:SB2022071350

Trust: 0.6

db:CS-HELPid:SB2022041314

Trust: 0.6

db:CS-HELPid:SB2022072638

Trust: 0.6

db:CS-HELPid:SB2022072538

Trust: 0.6

db:CS-HELPid:SB2022071416

Trust: 0.6

db:CS-HELPid:SB2022051709

Trust: 0.6

db:CS-HELPid:SB2022041265

Trust: 0.6

db:CS-HELPid:SB2022042574

Trust: 0.6

db:CS-HELPid:SB2022041513

Trust: 0.6

db:PACKETSTORMid:166827

Trust: 0.6

db:AUSCERTid:ESB-2022.1595

Trust: 0.6

db:AUSCERTid:ESB-2022.1809

Trust: 0.6

db:AUSCERTid:ESB-2022.3430

Trust: 0.6

db:AUSCERTid:ESB-2022.4630

Trust: 0.6

db:AUSCERTid:ESB-2022.3674

Trust: 0.6

db:CNNVDid:CNNVD-202204-2943

Trust: 0.6

db:VULHUBid:VHN-414584

Trust: 0.1

db:ICS CERTid:ICSA-24-046-11

Trust: 0.1

db:VULMONid:CVE-2022-24765

Trust: 0.1

db:PACKETSTORMid:176313

Trust: 0.1

db:PACKETSTORMid:176728

Trust: 0.1

db:PACKETSTORMid:172366

Trust: 0.1

db:PACKETSTORMid:172210

Trust: 0.1

sources: VULHUB: VHN-414584 // VULMON: CVE-2022-24765 // JVNDB: JVNDB-2022-009728 // PACKETSTORM: 167744 // PACKETSTORM: 166705 // PACKETSTORM: 170787 // PACKETSTORM: 176313 // PACKETSTORM: 176728 // PACKETSTORM: 172366 // PACKETSTORM: 172210 // CNNVD: CNNVD-202204-2943 // NVD: CVE-2022-24765

REFERENCES

url:https://support.apple.com/kb/ht213261

Trust: 1.8

url:https://github.com/git-for-windows/git/security/advisories/ghsa-vw2c-22j4-2fh2

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/31

Trust: 1.8

url:https://git-scm.com/book/en/v2/appendix-a%3a-git-in-other-environments-git-in-bash

Trust: 1.8

url:https://git-scm.com/docs/git#documentation/git.txt-codegitceilingdirectoriescode

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2022/04/12/7

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-24765

Trust: 1.5

url:https://security.gentoo.org/glsa/202312-15

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ptn5nyehyn2oqshsamcnicznk2u4qh6/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/benqytdgul6tf3ualy6gsiexihuiynwm/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/slp42kiz6hactvzmzljlfjq4w2xyt27m/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2022-24765

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/slp42kiz6hactvzmzljlfjq4w2xyt27m/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/benqytdgul6tf3ualy6gsiexihuiynwm/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ptn5nyehyn2oqshsamcnicznk2u4qh6/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/

Trust: 0.7

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-24765

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1595

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041513

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041314

Trust: 0.6

url:https://packetstormsecurity.com/files/166827/ubuntu-security-notice-usn-5376-2.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213261

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1809

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4630

Trust: 0.6

url:https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071416

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071350

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051709

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041265

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042574

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022061215

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-24765/

Trust: 0.6

url:https://vigilance.fr/vulnerability/git-code-execution-via-multi-user-machines-38033

Trust: 0.6

url:https://packetstormsecurity.com/files/166705/ubuntu-security-notice-usn-5376-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167204/apple-security-advisory-2022-05-16-8.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3430

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072638

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3674

Trust: 0.6

url:https://packetstormsecurity.com/files/167744/ubuntu-security-notice-usn-5511-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072538

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-29187

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-39253

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-39260

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5511-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-41903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-39260

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-39253

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29187

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://github.com/makiuchi-d/act-fail-example

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1589.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.10

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5376-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.1

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/git

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-29007

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25815

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-22490

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2168160

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0407.json

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2107439

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:0407

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2168161

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2137422

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2073414

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2137423

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2859

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2319

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Trust: 0.1

sources: VULHUB: VHN-414584 // VULMON: CVE-2022-24765 // JVNDB: JVNDB-2022-009728 // PACKETSTORM: 167744 // PACKETSTORM: 166705 // PACKETSTORM: 170787 // PACKETSTORM: 176313 // PACKETSTORM: 176728 // PACKETSTORM: 172366 // PACKETSTORM: 172210 // CNNVD: CNNVD-202204-2943 // NVD: CVE-2022-24765

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 176728 // PACKETSTORM: 172366 // PACKETSTORM: 172210

SOURCES

db:VULHUBid:VHN-414584
db:VULMONid:CVE-2022-24765
db:JVNDBid:JVNDB-2022-009728
db:PACKETSTORMid:167744
db:PACKETSTORMid:166705
db:PACKETSTORMid:170787
db:PACKETSTORMid:176313
db:PACKETSTORMid:176728
db:PACKETSTORMid:172366
db:PACKETSTORMid:172210
db:CNNVDid:CNNVD-202204-2943
db:NVDid:CVE-2022-24765

LAST UPDATE DATE

2024-12-21T22:55:04.115000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-414584date:2023-02-27T00:00:00
db:VULMONid:CVE-2022-24765date:2023-12-27T00:00:00
db:JVNDBid:JVNDB-2022-009728date:2023-08-08T03:01:00
db:CNNVDid:CNNVD-202204-2943date:2023-02-01T00:00:00
db:NVDid:CVE-2022-24765date:2024-11-21T06:51:02.873

SOURCES RELEASE DATE

db:VULHUBid:VHN-414584date:2022-04-12T00:00:00
db:VULMONid:CVE-2022-24765date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2022-009728date:2023-08-08T00:00:00
db:PACKETSTORMid:167744date:2022-07-14T14:29:12
db:PACKETSTORMid:166705date:2022-04-13T15:00:59
db:PACKETSTORMid:170787date:2023-01-30T16:35:13
db:PACKETSTORMid:176313date:2023-12-27T14:55:24
db:PACKETSTORMid:176728date:2024-01-26T15:20:15
db:PACKETSTORMid:172366date:2023-05-16T17:08:14
db:PACKETSTORMid:172210date:2023-05-09T15:18:13
db:CNNVDid:CNNVD-202204-2943date:2022-04-12T00:00:00
db:NVDid:CVE-2022-24765date:2022-04-12T18:15:09.390