CVE-2016-9274

Опубликовано: 11 нояб. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.

Ссылки

http://www.securityfocus.com/bid/94289
Third Party Advisory
VDB Entry
https://github.com/git-for-windows/git/issues/944
Issue Tracking
Patch
Vendor Advisory
https://www.youtube.com/watch?v=S7jOLv0sul0
Exploit
http://www.securityfocus.com/bid/94289
Third Party Advisory
VDB Entry
https://github.com/git-for-windows/git/issues/944
Issue Tracking
Patch
Vendor Advisory
https://www.youtube.com/watch?v=S7jOLv0sul0
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.9.4 (включая)

EPSS

Процентиль: 18%

0.00059

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-xrrq-qjmc-74g7