Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-39253

Опубликовано: 08 нояб. 2022
Источник: msrc
EPSS Низкий

Описание

GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Successful exploitation of this vulnerability requires a malicious actor to convince a victim to close a repository with a symbolic link pointing to sensitive information on a victim's machine.

Why is this GitHub CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

For more information see: Local clone optimization dereferences symbolic links by default.

Обновления

ПродуктСтатьяОбновление
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Release Notes
Security Update
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.0
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.2
Release Notes
Security Update
Microsoft Visual Studio 2022 version 17.3
Release Notes
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 84%
0.02341
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-39253

CVSS3: 5.5
ubuntu
больше 2 лет назад

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects...

redhat логотип

CVE-2022-39253

CVSS3: 5.5
redhat
больше 2 лет назад

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects...

nvd логотип

CVE-2022-39253

CVSS3: 5.5
nvd
больше 2 лет назад

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` d

debian логотип

CVE-2022-39253

CVSS3: 5.5
debian
больше 2 лет назад

Git is an open source, scalable, distributed revision control system. ...

suse-cvrf логотип

SUSE-SU-2022:4271-1

suse-cvrf
больше 2 лет назад

Security update for git

EPSS

Процентиль: 84%
0.02341
Низкий