Description
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
A vulnerability was found in the Git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, Git GUI may end up creating or overwriting arbitrary files for which the running user has write permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.
Report
The Red Hat Product Security team has rated this vulnerability as having a Low severity. This is due to the high complexity in exploiting the vulnerability. Additionally, the user needs to be tricked into cloning an untrusted repository and editing a file located in a directory with a maliciously crafted name.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | git | Out of support scope | ||
Red Hat Enterprise Linux 7 | git | Out of support scope | ||
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | ||
Red Hat OpenShift Dev Spaces | devspaces/code-rhel9 | Fix deferred | ||
Red Hat Enterprise Linux 10 | git | Fixed | RHSA-2025:11533 | 22.07.2025 |
Red Hat Enterprise Linux 8 | git | Fixed | RHSA-2025:11534 | 23.07.2025 |
Red Hat Enterprise Linux 9 | git | Fixed | RHSA-2025:11462 | 21.07.2025 |
Additional information
CVSS3: 3.1 Low
Related vulnerabilities
A vulnerability in the Git GUI graphical user interface, related to the injection or modification of arguments, that allows an attacker to create or overwrite arbitrary files