Description
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources.
A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.
Report
This vulnerability, while significant, does not reach Critical severity because it relies on local repository manipulation. Although it allows attackers to execute arbitrary code during cloning operations, its impact is constrained by the need for access to the target's local environment. Critical severity typically involves vulnerabilities that can be exploited remotely or without user interaction. Nonetheless, this issue remains Important, as it can lead to unauthorized code execution and potentially compromise the integrity and security of affected systems. Fuse 7 Karaf uses JGit to manage patches, and that repository is heavily protected by file permissions and RBAC. Unless an attacker has write permissions to the Fuse internal git repositories, this vulnerability is not exploitable there.
Mitigation
Exercise caution when cloning repositories from untrusted sources.
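As an added example (not part of the advisory), a small Python check that decides from a `git --version` string whether an upstream Git build predates the fixed releases listed above. Distribution packages such as the RHEL 8 builds fixed through the RHSA advisories in the table below may carry the fix without an upstream version bump, so for those the vendor advisory, not the version string, is authoritative.

```python
import re
import subprocess

# First upstream release of each 2.x series that contains the fix for
# CVE-2024-32004, per the advisory text above:
# 2.39.4, 2.40.2, 2.41.1, 2.42.2, 2.43.4, 2.44.1 and 2.45.1.
FIXED_PATCH_LEVELS = {39: 4, 40: 2, 41: 1, 42: 2, 43: 4, 44: 1, 45: 1}
OLDEST_PATCHED_SERIES = min(FIXED_PATCH_LEVELS)
NEWEST_PATCHED_SERIES = max(FIXED_PATCH_LEVELS)

_VERSION_RE = re.compile(r"git version (\d+)\.(\d+)\.(\d+)")


def parse_git_version(output: str) -> tuple:
    """Extract (major, minor, patch) from `git --version` output.

    Vendor suffixes such as ".windows.1" or "(Apple Git-146)" are ignored;
    anything that does not start with "git version X.Y.Z" raises ValueError.
    """
    match = _VERSION_RE.match(output.strip())
    if match is None:
        raise ValueError(f"unrecognised git version string: {output!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_upstream_version_fixed(version: tuple) -> bool:
    """True if an upstream Git at this version contains the fix.

    Series older than 2.39 never received a fix; series newer than 2.45 were
    released after it landed. Distribution builds that backport the fix
    (e.g. RHEL packages fixed via an RHSA) are not covered by this check.
    """
    major, minor, patch = version
    if major != 2:
        return major > 2
    if minor > NEWEST_PATCHED_SERIES:
        return True
    if minor < OLDEST_PATCHED_SERIES:
        return False
    return patch >= FIXED_PATCH_LEVELS[minor]


def installed_git_is_fixed() -> bool:
    """Run the local `git --version` and evaluate it with the rules above."""
    output = subprocess.run(["git", "--version"], capture_output=True,
                            text=True, check=True).stdout
    return is_upstream_version_fixed(parse_git_version(output))


if __name__ == "__main__":
    print("fixed" if installed_git_is_fixed() else "affected (upstream version)")
```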
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | git | Affected | | |
Red Hat Enterprise Linux 6 | git | Out of support scope | | |
Red Hat Enterprise Linux 7 | git | Not affected | | |
Red Hat Fuse 7 | git | Out of support scope | | |
Red Hat Software Collections | rh-git227-git | Affected | | |
Red Hat Enterprise Linux 8 | git | Fixed | RHSA-2024:4084 | 25.06.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | git | Fixed | RHSA-2024:7701 | 07.10.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | git | Fixed | RHSA-2024:6028 | 29.08.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | git | Fixed | RHSA-2024:6028 | 29.08.2024 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | git | Fixed | RHSA-2024:6028 | 29.08.2024 |
Additional information
CVSS3: 8.1 High
Related vulnerabilities
GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories
A vulnerability in the Git distributed version control system, caused by a process-control flaw, that allows an attacker to execute arbitrary code