ID

VAR-202207-0791


CVE

CVE-2022-29187


TITLE

Git  Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015238

DESCRIPTION

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. Git contains an uncontrolled search path element vulnerability. This vulnerability is CVE-2022-24765 And related vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5511-1 July 13, 2022 git vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.4 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.3 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.5 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2319-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319 Issue date: 2023-05-09 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary: An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765) * git: Bypass of safe.directory protections (CVE-2022-29187) * git: exposure of sensitive information to a malicious actor (CVE-2022-39253) * git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. 2139379 - Rebase git to 2.39 version [rhel-9.2] 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: git-2.39.1-1.el9.src.rpm aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD cV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T SU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa R+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo IIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf pjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz kqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O 6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK wWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg xsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz afQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds hOpSLJjOLjE=YQQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-11-01-1 Xcode 14.1 Xcode 14.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213496. Git Available for: macOS Monterey 12.5 and later Impact: Multiple issues in git Description: Multiple issues were addressed by updating to git version 2.32.3. CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin Git Available for: macOS Monterey 12.5 and later Impact: Cloning a malicious repository may result in the disclosure of sensitive information Description: This issue was addressed with improved checks. CVE-2022-39253: Cory Snider of Mirantis Git Available for: macOS Monterey 12.5 and later Impact: A remote user may cause an unexpected app termination or arbitrary code execution if git shell is allowed as a login shell Description: This issue was addressed with improved checks. CVE-2022-39260: Kevin Backhouse of the GitHub Security Lab IDE Xcode Server Available for: macOS Monterey 12.5 and later Impact: An app may be able to gain root privileges Description: An injection issue was addressed with improved input validation. CVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai Xcode 14.1 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 14.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell. This update includes two changes of behavior that may affect certain setup: - It stops when directory traversal changes ownership from the current user while looking for a top-level git directory, a user could make an exception by using the new safe.directory configuration. - The default of protocol.file.allow has been changed from "always" to "user". For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1. We recommend that you upgrade your git packages. Background ========= libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Impact ===== Usages of a malicious crafted Git repository could allow the creator of the repository to elevate privileges to those of the user accessing the repository. Workaround ========= Administrators can ensure that their usages of libgit2 only interact with repositories which have only been modified by trusted users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Background ========== Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Affected packages ================= Package Vulnerable Unaffected ----------- ------------ ------------ dev-vcs/git < 2.39.3 >= 2.39.3 Description =========== Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Git users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3" References ========== [ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202312-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2022-29187 // JVNDB: JVNDB-2022-015238 // VULHUB: VHN-420721 // VULMON: CVE-2022-29187 // PACKETSTORM: 167744 // PACKETSTORM: 172366 // PACKETSTORM: 172210 // PACKETSTORM: 169735 // PACKETSTORM: 170787 // PACKETSTORM: 176551 // PACKETSTORM: 176313

AFFECTED PRODUCTS

vendor:git scmmodel:gitscope:ltversion:2.35.4

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.33.4

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.32.3

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.32.1

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.31.4

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.35.2

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:14.1

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.37.0

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.34.4

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.33.2

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.36.2

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.30.3

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.36.0

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.31.2

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.30.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:git scmmodel:gitscope:gteversion:2.34.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:git scmmodel:gitscope:ltversion:2.37.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:37

Trust: 1.0

vendor:git scmmodel:gitscope: - version: -

Trust: 0.8

vendor:アップルmodel:xcodescope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015238 // NVD: CVE-2022-29187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29187
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2022-29187
value: HIGH

Trust: 1.0

NVD: CVE-2022-29187
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-1179
value: HIGH

Trust: 0.6

VULHUB: VHN-420721
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-29187
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-29187
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-420721
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-29187
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-015238
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-420721 // VULMON: CVE-2022-29187 // JVNDB: JVNDB-2022-015238 // CNNVD: CNNVD-202207-1179 // NVD: CVE-2022-29187 // NVD: CVE-2022-29187

PROBLEMTYPE DATA

problemtype:CWE-282

Trust: 1.1

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-420721 // JVNDB: JVNDB-2022-015238 // NVD: CVE-2022-29187

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-1179

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202207-1179

PATCH

title:HT213496 Apple  Security updateurl:https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 0.8

title:Github Git Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=216957

Trust: 0.6

title:Ubuntu Security Notice: USN-5511-1: Git vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5511-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1623url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1623

Trust: 0.1

title:Debian CVElist Bug Report Logs: git: CVE-2022-29187url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=31324a5ad54489fd6559d515d47be3cb

Trust: 0.1

title:Red Hat: Moderate: git security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20232319 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: git security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20232859 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1820url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1820

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-29187

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-29187

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-118url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-118

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-236url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-236

Trust: 0.1

title:https://github.com/9069332997/session-1-full-stackurl:https://github.com/9069332997/session-1-full-stack

Trust: 0.1

sources: VULMON: CVE-2022-29187 // JVNDB: JVNDB-2022-015238 // CNNVD: CNNVD-202207-1179

EXTERNAL IDS

db:NVDid:CVE-2022-29187

Trust: 4.1

db:OPENWALLid:OSS-SECURITY/2022/07/14/1

Trust: 2.6

db:ICS CERTid:ICSA-24-046-11

Trust: 0.9

db:PACKETSTORMid:167744

Trust: 0.8

db:PACKETSTORMid:169735

Trust: 0.8

db:PACKETSTORMid:170787

Trust: 0.8

db:JVNid:JVNVU91198149

Trust: 0.8

db:JVNDBid:JVNDB-2022-015238

Trust: 0.8

db:CS-HELPid:SB2022072538

Trust: 0.6

db:CS-HELPid:SB2022071416

Trust: 0.6

db:CS-HELPid:SB2022071350

Trust: 0.6

db:CS-HELPid:SB2022072638

Trust: 0.6

db:AUSCERTid:ESB-2022.3430

Trust: 0.6

db:AUSCERTid:ESB-2022.4630

Trust: 0.6

db:AUSCERTid:ESB-2022.3674

Trust: 0.6

db:AUSCERTid:ESB-2022.5479

Trust: 0.6

db:CNNVDid:CNNVD-202207-1179

Trust: 0.6

db:VULHUBid:VHN-420721

Trust: 0.1

db:VULMONid:CVE-2022-29187

Trust: 0.1

db:PACKETSTORMid:172366

Trust: 0.1

db:PACKETSTORMid:172210

Trust: 0.1

db:PACKETSTORMid:176551

Trust: 0.1

db:PACKETSTORMid:176313

Trust: 0.1

sources: VULHUB: VHN-420721 // VULMON: CVE-2022-29187 // JVNDB: JVNDB-2022-015238 // PACKETSTORM: 167744 // PACKETSTORM: 172366 // PACKETSTORM: 172210 // PACKETSTORM: 169735 // PACKETSTORM: 170787 // PACKETSTORM: 176551 // PACKETSTORM: 176313 // CNNVD: CNNVD-202207-1179 // NVD: CVE-2022-29187

REFERENCES

url:http://www.openwall.com/lists/oss-security/2022/07/14/1

Trust: 2.6

url:https://support.apple.com/kb/ht213496

Trust: 1.8

url:https://github.com/git/git/security/advisories/ghsa-j342-m5hw-rr3v

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/nov/1

Trust: 1.8

url:https://github.blog/2022-04-12-git-security-vulnerability-announced

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html

Trust: 1.8

url:https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/t/#u

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-29187

Trust: 1.5

url:https://security.gentoo.org/glsa/202312-15

Trust: 1.2

url:https://security.gentoo.org/glsa/202401-17

Trust: 1.2

url:https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/t/#u

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/

Trust: 1.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11

Trust: 0.9

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2022071350

Trust: 0.6

url:https://packetstormsecurity.com/files/169735/apple-security-advisory-2022-11-01-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213496

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-29187/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3430

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072638

Trust: 0.6

url:https://vigilance.fr/vulnerability/git-code-execution-via-safe-directory-bypass-38786

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3674

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4630

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5479

Trust: 0.6

url:https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167744/ubuntu-security-notice-usn-5511-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072538

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071416

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-24765

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-39260

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-39253

Trust: 0.5

url:https://ubuntu.com/security/notices/usn-5511-1

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-39260

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24765

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-39253

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29187

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-41903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.2

url:https://bugs.gentoo.org.

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/282.html

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1623.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2859

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2319

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42797

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht213496.

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/git

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-29007

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25815

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-22490

Trust: 0.1

sources: VULHUB: VHN-420721 // VULMON: CVE-2022-29187 // JVNDB: JVNDB-2022-015238 // PACKETSTORM: 167744 // PACKETSTORM: 172366 // PACKETSTORM: 172210 // PACKETSTORM: 169735 // PACKETSTORM: 170787 // PACKETSTORM: 176551 // PACKETSTORM: 176313 // CNNVD: CNNVD-202207-1179 // NVD: CVE-2022-29187

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 172366 // PACKETSTORM: 172210

SOURCES

db:VULHUBid:VHN-420721
db:VULMONid:CVE-2022-29187
db:JVNDBid:JVNDB-2022-015238
db:PACKETSTORMid:167744
db:PACKETSTORMid:172366
db:PACKETSTORMid:172210
db:PACKETSTORMid:169735
db:PACKETSTORMid:170787
db:PACKETSTORMid:176551
db:PACKETSTORMid:176313
db:CNNVDid:CNNVD-202207-1179
db:NVDid:CVE-2022-29187

LAST UPDATE DATE

2024-08-14T12:14:02.795000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-420721date:2023-01-31T00:00:00
db:VULMONid:CVE-2022-29187date:2024-01-14T00:00:00
db:JVNDBid:JVNDB-2022-015238date:2024-02-19T06:55:00
db:CNNVDid:CNNVD-202207-1179date:2023-02-01T00:00:00
db:NVDid:CVE-2022-29187date:2024-01-14T10:15:08.090

SOURCES RELEASE DATE

db:VULHUBid:VHN-420721date:2022-07-12T00:00:00
db:VULMONid:CVE-2022-29187date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-015238date:2023-09-26T00:00:00
db:PACKETSTORMid:167744date:2022-07-14T14:29:12
db:PACKETSTORMid:172366date:2023-05-16T17:08:14
db:PACKETSTORMid:172210date:2023-05-09T15:18:13
db:PACKETSTORMid:169735date:2022-11-08T13:42:03
db:PACKETSTORMid:170787date:2023-01-30T16:35:13
db:PACKETSTORMid:176551date:2024-01-15T13:55:20
db:PACKETSTORMid:176313date:2023-12-27T14:55:24
db:CNNVDid:CNNVD-202207-1179date:2022-07-12T00:00:00
db:NVDid:CVE-2022-29187date:2022-07-12T21:15:09.560