Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24765 (GCVE-0-2022-24765)
Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2025-12-16 17:47
VLAI
EPSS
Title
Uncontrolled search for the Git directory in Git for Windows
Summary
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
Severity
6 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| git-for-windows | git |
Affected:
< 2.35.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"tags": [
"x_transferred"
],
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"name": "[oss-security] 20220412 git v2.35.2 and friends for CVE-2022-24765",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"name": "FEDORA-2022-e99ae504f5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"name": "FEDORA-2022-3759ebabd2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"name": "FEDORA-2022-2fec5f30be",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213261"
},
{
"name": "20220516 APPLE-SA-2022-05-16-8 Xcode 13.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"name": "FEDORA-2022-dfd7e7fc0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"name": "FEDORA-2022-2a5de7cb8b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"name": "FEDORA-2023-470c7ea49e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"name": "FEDORA-2023-e3c8abd37e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"name": "FEDORA-2023-1068309389",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"name": "FEDORA-2023-3ec32f6d4e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"name": "GLSA-202312-15",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T17:47:32.484278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:47:44.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "git",
"vendor": "git-for-windows",
"versions": [
{
"status": "affected",
"version": "\u003c 2.35.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T10:06:30.486Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"name": "[oss-security] 20220412 git v2.35.2 and friends for CVE-2022-24765",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"name": "FEDORA-2022-e99ae504f5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"name": "FEDORA-2022-3759ebabd2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"name": "FEDORA-2022-2fec5f30be",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"url": "https://support.apple.com/kb/HT213261"
},
{
"name": "20220516 APPLE-SA-2022-05-16-8 Xcode 13.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"name": "FEDORA-2022-dfd7e7fc0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"name": "FEDORA-2022-2a5de7cb8b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"name": "FEDORA-2023-470c7ea49e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"name": "FEDORA-2023-e3c8abd37e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"name": "FEDORA-2023-1068309389",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"name": "FEDORA-2023-3ec32f6d4e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"name": "GLSA-202312-15",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-15"
}
],
"source": {
"advisory": "GHSA-vw2c-22j4-2fh2",
"discovery": "UNKNOWN"
},
"title": "Uncontrolled search for the Git directory in Git for Windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24765",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:47:44.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-24765",
"date": "2026-05-28",
"epss": "0.00168",
"percentile": "0.37685"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-24765\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-04-12T18:15:09.390\",\"lastModified\":\"2024-11-21T06:51:02.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\\\.git\\\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\\\Users` if the user profile is located in `C:\\\\Users\\\\my-user-name`.\"},{\"lang\":\"es\",\"value\":\"Git para Windows es un fork de Git que contiene parches espec\u00edficos para Windows. Esta vulnerabilidad afecta a usuarios que trabajan en m\u00e1quinas multiusuario, donde partes no confiables presentan acceso de escritura al mismo disco duro. Estas partes no confiables podr\u00edan crear la carpeta \\\"C:\\\\.git\\\", que ser\u00eda recogida por las operaciones de Git ejecutadas supuestamente fuera de un repositorio mientras es buscado un directorio Git. Git respetar\u00eda entonces cualquier configuraci\u00f3n en dicho directorio Git. Los usuarios de Git Bash que configuren \\\"GIT_PS1_SHOWDIRTYSTATE\\\" tambi\u00e9n son vulnerables. Los usuarios que hayan instalado posh-git son vulnerables simplemente al iniciar un PowerShell. Los usuarios de IDEs como Visual Studio son vulnerables: la simple creaci\u00f3n de un nuevo proyecto ya leer\u00eda y respetar\u00eda la configuraci\u00f3n especificada en \\\"C:\\\\.git\\\\config\\\". Los usuarios del fork de Microsoft de Git son vulnerables simplemente al iniciar un Git Bash. El problema ha sido parcheado en Git para Windows versi\u00f3n v2.35.2. Los usuarios que no puedan actualizarse pueden crear la carpeta \\\".git\\\" en todas las unidades en las que sean ejecutados comandos de Git, y eliminar el acceso de lectura/escritura de esas carpetas como medida de mitigaci\u00f3n. Como alternativa, defina o ampl\u00ede \\\"GIT_CEILING_DIRECTORIES\\\" para que cubra el directorio _parent_ del perfil de usuario, por ejemplo, \\\"C:\\\\Users\\\" si el perfil de usuario es encontrado en \\\"C:\\\\Users\\\\my-user-name\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.35.2\",\"matchCriteriaId\":\"F3ACE235-32E1-429A-9A82-628C9D25CADE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"ABC5ECCF-B646-4686-AE1E-6F1122B108BB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/May/31\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/12/7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202312-15\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://support.apple.com/kb/HT213261\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/May/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/12/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202312-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/12/7\", \"name\": \"[oss-security] 20220412 git v2.35.2 and friends for CVE-2022-24765\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/\", \"name\": \"FEDORA-2022-e99ae504f5\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/\", \"name\": \"FEDORA-2022-3759ebabd2\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/\", \"name\": \"FEDORA-2022-2fec5f30be\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213261\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/31\", \"name\": \"20220516 APPLE-SA-2022-05-16-8 Xcode 13.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/\", \"name\": \"FEDORA-2022-dfd7e7fc0e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/\", \"name\": \"FEDORA-2022-2a5de7cb8b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html\", \"name\": \"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/\", \"name\": \"FEDORA-2023-470c7ea49e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/\", \"name\": \"FEDORA-2023-e3c8abd37e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/\", \"name\": \"FEDORA-2023-1068309389\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/\", \"name\": \"FEDORA-2023-3ec32f6d4e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-15\", \"name\": \"GLSA-202312-15\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.377Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24765\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-16T17:47:32.484278Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T16:40:49.198Z\"}}], \"cna\": {\"title\": \"Uncontrolled search for the Git directory in Git for Windows\", \"source\": {\"advisory\": \"GHSA-vw2c-22j4-2fh2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"git-for-windows\", \"product\": \"git\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.35.2\"}]}], \"references\": [{\"url\": \"https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2\"}, {\"url\": \"https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash\"}, {\"url\": \"https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/12/7\", \"name\": \"[oss-security] 20220412 git v2.35.2 and friends for CVE-2022-24765\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/\", \"name\": \"FEDORA-2022-e99ae504f5\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/\", \"name\": \"FEDORA-2022-3759ebabd2\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/\", \"name\": \"FEDORA-2022-2fec5f30be\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT213261\"}, {\"url\": \"http://seclists.org/fulldisclosure/2022/May/31\", \"name\": \"20220516 APPLE-SA-2022-05-16-8 Xcode 13.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/\", \"name\": \"FEDORA-2022-dfd7e7fc0e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/\", \"name\": \"FEDORA-2022-2a5de7cb8b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html\", \"name\": \"[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/\", \"name\": \"FEDORA-2023-470c7ea49e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/\", \"name\": \"FEDORA-2023-e3c8abd37e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/\", \"name\": \"FEDORA-2023-1068309389\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/\", \"name\": \"FEDORA-2023-3ec32f6d4e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-15\", \"name\": \"GLSA-202312-15\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\\\.git\\\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\\\Users` if the user profile is located in `C:\\\\Users\\\\my-user-name`.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427: Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-12-27T10:06:30.486Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-24765\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T17:47:44.510Z\", \"dateReserved\": \"2022-02-10T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-04-12T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2023:2319
Vulnerability from osv_almalinux
Published
2023-05-09 00:00
Modified
2023-05-12 07:01
Summary
Moderate: git security and bug fix update
Details
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
- git: Bypass of safe.directory protections (CVE-2022-29187)
- git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
- git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-all"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-core-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-credential-libsecret"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-email"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-gui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-instaweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-subtree"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "git-svn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gitk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "gitweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "perl-Git"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "perl-Git-SVN"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)\n* git: Bypass of safe.directory protections (CVE-2022-29187)\n* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)\n* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2319",
"modified": "2023-05-12T07:01:53Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2319"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24765"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29187"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39253"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39260"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2073414"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107439"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2137422"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2137423"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2319.html"
}
],
"related": [
"CVE-2022-24765",
"CVE-2022-29187",
"CVE-2022-39253",
"CVE-2022-39260"
],
"summary": "Moderate: git security and bug fix update"
}
alsa-2023:2859
Vulnerability from osv_almalinux
Published
2023-05-16 00:00
Modified
2023-05-19 22:19
Summary
Moderate: git security and bug fix update
Details
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
- git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
- git: Bypass of safe.directory protections (CVE-2022-29187)
- git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
- git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-all"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-core-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-credential-libsecret"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-daemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-email"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-gui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-instaweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-subtree"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "git-svn"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gitk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gitweb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "perl-Git"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "perl-Git-SVN"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39.1-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)\n* git: Bypass of safe.directory protections (CVE-2022-29187)\n* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)\n* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2859",
"modified": "2023-05-19T22:19:51Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2859"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24765"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29187"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39253"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-39260"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2073414"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2107439"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2137422"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2137423"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-2859.html"
}
],
"related": [
"CVE-2022-24765",
"CVE-2022-29187",
"CVE-2022-39253",
"CVE-2022-39260"
],
"summary": "Moderate: git security and bug fix update"
}
BDU:2022-02723
Vulnerability from fstec - Published: 12.04.2022
VLAI
Title
Уязвимость распределенной системы управления версиями Git, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии или выполнить произвольные команды
Description
Уязвимость распределенной системы управления версиями Git связана с возможностью создать папку "C:\.git". Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, запускать произвольные команды
Severity
Vendor
Сообщество свободного программного обеспечения, Canonical Ltd., ООО «РусБИТех-Астра», Microsoft Corp, Fedora Project, ООО «Ред Софт», Linus Torvalds, Junio Hamano, Apple Inc., АО "НППКТ"
Software Name
Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Microsoft Visual Studio 2019, Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Microsoft Visual Studio 2022, Git, Xcode, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Microsoft Visual Studio 2017
Software Version
9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), от 16.0 до 16.6 включительно (Microsoft Visual Studio 2019), от 16.0 до 16.8 включительно (Microsoft Visual Studio 2019), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), 21.10 (Ubuntu), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 17.0 (Microsoft Visual Studio 2022), 36 (Fedora), до 2.35.2 (Git), 17.1 (Microsoft Visual Studio 2022), до 13.4 (Xcode), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx), от 15.0 до 15.8 включительно (Microsoft Visual Studio 2017), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019)
Possible Mitigations
Использование рекомендаций:
Для Git:
https://git-scm.com/downloads
Для продуктов Red Hat Inc.:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24765.xml
Для Ubuntu:
https://ubuntu.com/security/CVE-2022-24765
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-24765
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/
Для продуктов Microsoft Corp.:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24765
Для Apple Xcode:
https://support.apple.com/kb/HT213261
Организационные меры:
Пользователи, которые не имеют возможности выполнить обновление, могут:
1. Создать папку `.git` на всех дисках, где выполняются команды Git, и удалить доступ для чтения/записи к этим папкам
2. Определить GIT_CEILING_DIRECTORIES переменную среды , чтобы она содержала родительский каталог вашего профиля пользователя (т . е. /Users в macOS,
/homeLinux и C:\UsersWindows)
3. Избегайть запуска Git на многопользовательских компьютерах, если ваш текущий рабочий каталог не находится в доверенном репозитории
Для ОСОН Основа:
Обновление программного обеспечения git до версии 1:2.36.1-1
Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD
Для Astra Linux Special Edition для архитектуры ARM для 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD
Для Astra Linux Special Edition 1.6 «Смоленск»::
обновить пакет git до 1:2.11.0-3+deb9u10+ci202408021513+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
Reference
https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2
https://packetstormsecurity.com/files/cve/CVE-2022-24765
https://redos.red-soft.ru/support/secure/
http://seclists.org/fulldisclosure/2022/May/31
http://www.openwall.com/lists/oss-security/2022/04/12/7
https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/
https://support.apple.com/kb/HT213261
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24765
https://github.blog/2022-04-12-git-security-vulnerability-announced/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16
CWE
CWE-284, CWE-427
{
"CVSS 2.0": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO708, TO712, TO714, TO716",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO708 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.30, TO712 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.7.27, TO714 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.9.26, TO716 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.21",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Microsoft Corp, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Linus Torvalds, Junio Hamano, Apple Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), \u043e\u0442 16.0 \u0434\u043e 16.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), \u043e\u0442 16.0 \u0434\u043e 16.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), 34 (Fedora), 11 (Debian GNU/Linux), 35 (Fedora), 21.10 (Ubuntu), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 17.0 (Microsoft Visual Studio 2022), 36 (Fedora), \u0434\u043e 2.35.2 (Git), 17.1 (Microsoft Visual Studio 2022), \u0434\u043e 13.4 (Xcode), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 15.0 \u0434\u043e 15.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2017), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\n\u0414\u043b\u044f Git:\nhttps://git-scm.com/downloads\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\n\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24765.xml\n\n\n\n\u0414\u043b\u044f Ubuntu:\n\nhttps://ubuntu.com/security/CVE-2022-24765\n\n\n\n\u0414\u043b\u044f Debian GNU/Linux:\n\nhttps://security-tracker.debian.org/tracker/CVE-2022-24765\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24765\n\n\u0414\u043b\u044f Apple Xcode:\nhttps://support.apple.com/kb/HT213261\n\n\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b:\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u043c\u043e\u0433\u0443\u0442: \n1. \u0421\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0430\u043f\u043a\u0443 `.git` \u043d\u0430 \u0432\u0441\u0435\u0445 \u0434\u0438\u0441\u043a\u0430\u0445, \u0433\u0434\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0442\u0441\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u044b Git, \u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f/\u0437\u0430\u043f\u0438\u0441\u0438 \u043a \u044d\u0442\u0438\u043c \u043f\u0430\u043f\u043a\u0430\u043c\n2. \u041e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c GIT_CEILING_DIRECTORIES \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0443\u044e \u0441\u0440\u0435\u0434\u044b , \u0447\u0442\u043e\u0431\u044b \u043e\u043d\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0430 \u0440\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0432\u0430\u0448\u0435\u0433\u043e \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f (\u0442 . \u0435. /Users \u0432 macOS,\n/homeLinux \u0438 C:\\UsersWindows)\n3. \u0418\u0437\u0431\u0435\u0433\u0430\u0439\u0442\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Git \u043d\u0430 \u043c\u043d\u043e\u0433\u043e\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445, \u0435\u0441\u043b\u0438 \u0432\u0430\u0448 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u043d\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u043c \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f git \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:2.36.1-1\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM \u0434\u043b\u044f 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 git \u0434\u043e 1:2.11.0-3+deb9u10+ci202408021513+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.04.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02723",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24765",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Microsoft Visual Studio 2019, Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Microsoft Visual Studio 2022, Git, Xcode, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Microsoft Visual Studio 2017",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Fedora Project Fedora 34 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , Canonical Ltd. Ubuntu 21.10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 36 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 Git, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442 \u043f\u0443\u0442\u0438 \u043f\u043e\u0438\u0441\u043a\u0430 (CWE-427)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 Git \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0430\u043f\u043a\u0443 \"C:\\.git\". \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2\nhttps://packetstormsecurity.com/files/cve/CVE-2022-24765\nhttps://redos.red-soft.ru/support/secure/\nhttp://seclists.org/fulldisclosure/2022/May/31 \nhttp://www.openwall.com/lists/oss-security/2022/04/12/7 \nhttps://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash \nhttps://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/ \nhttps://support.apple.com/kb/HT213261\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24765\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24765\nhttps://github.blog/2022-04-12-git-security-vulnerability-announced/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284, CWE-427",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}
CERTFR-2022-AVI-337
Vulnerability from certfr_avis - Published: 2022-04-13 - Updated: 2022-04-13
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Site Recovery VMWare to Azure | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU12 | ||
| Microsoft | N/A | YARP 1.0 | ||
| Microsoft | N/A | YARP 1.1RC | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft | N/A | HEVC Video Extensions | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU6 | ||
| Microsoft | N/A | Microsoft Malware Protection Engine | ||
| Microsoft | N/A | Visual Studio 2019 pour Mac version 8.10 | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.1 | ||
| Microsoft | N/A | Microsoft On-Premises Data Gateway | ||
| Microsoft | N/A | HEVC Video Extension | ||
| Microsoft | N/A | Microsoft Lync Server 2013 CU10 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Site Recovery VMWare to Azure",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "YARP 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "YARP 1.1RC",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Malware Protection Engine",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio 2019 pour Mac version 8.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft On-Premises Data Gateway",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013 CU10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26896"
},
{
"name": "CVE-2022-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24513"
},
{
"name": "CVE-2022-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26897"
},
{
"name": "CVE-2022-26910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26910"
},
{
"name": "CVE-2022-24548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24548"
},
{
"name": "CVE-2022-26911",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26911"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24532"
},
{
"name": "CVE-2022-23259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23259"
},
{
"name": "CVE-2022-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26898"
},
{
"name": "CVE-2022-24767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24767"
},
{
"name": "CVE-2022-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26924"
},
{
"name": "CVE-2022-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26921"
},
{
"name": "CVE-2022-24473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24473"
},
{
"name": "CVE-2022-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26901"
},
{
"name": "CVE-2022-23292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23292"
}
],
"initial_release_date": "2022-04-13T00:00:00",
"last_revision_date": "2022-04-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26911 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24532 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24532"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26898 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26898"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26924 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26924"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26901 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23259 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23259"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26896 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26910 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26910"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24473 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26897 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26897"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24548 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24548"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24513 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24767 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-26921 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26921"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24765 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23292 du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23292"
}
],
"reference": "CERTFR-2022-AVI-337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune usurpation d\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, une\n\u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 avril 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-466
Vulnerability from certfr_avis - Published: 2022-05-17 - Updated: 2022-05-17
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Monterey versions antérieures à 12.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 15.5 | ||
| Apple | Safari | Apple Safari versions antérieures à 15.5 | ||
| Apple | N/A | Apple watchOS versions antérieures à 8.6 | ||
| Apple | N/A | Apple Xcode versions antérieures à 13.4 | ||
| Apple | macOS | Apple macOS Catalina versions antérieures à 2022-004 | ||
| Apple | N/A | Apple iPadOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Big Sur versions antérieures à 11.6.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Monterey versions ant\u00e9rieures \u00e0 12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 8.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 13.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 2022-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iPadOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-466",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213257 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213255 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213255"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213261 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213261"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213256 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213253 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213253"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213254 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213254"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213258 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213260 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213260"
}
]
}
CERTFR-2022-AVI-467
Vulnerability from certfr_avis - Published: 2022-05-17 - Updated: 2022-05-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-467",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221686-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221669-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221668-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221668-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221687-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221687-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221676-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221676-1/"
}
]
}
FKIE_CVE-2022-24765
Vulnerability from fkie_nvd - Published: 2022-04-12 18:15 - Updated: 2024-11-21 06:51
Severity
6.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | http://seclists.org/fulldisclosure/2022/May/31 | Mailing List, Third Party Advisory | |
| security-advisories@github.com | http://www.openwall.com/lists/oss-security/2022/04/12/7 | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash | Vendor Advisory | |
| security-advisories@github.com | https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode | Vendor Advisory | |
| security-advisories@github.com | https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 | Mitigation, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/ | ||
| security-advisories@github.com | https://security.gentoo.org/glsa/202312-15 | ||
| security-advisories@github.com | https://support.apple.com/kb/HT213261 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/May/31 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/04/12/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202312-15 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213261 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| git-scm | git | * | |
| microsoft | windows | - | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| apple | xcode | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ACE235-32E1-429A-9A82-628C9D25CADE",
"versionEndExcluding": "2.35.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5ECCF-B646-4686-AE1E-6F1122B108BB",
"versionEndExcluding": "13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`."
},
{
"lang": "es",
"value": "Git para Windows es un fork de Git que contiene parches espec\u00edficos para Windows. Esta vulnerabilidad afecta a usuarios que trabajan en m\u00e1quinas multiusuario, donde partes no confiables presentan acceso de escritura al mismo disco duro. Estas partes no confiables podr\u00edan crear la carpeta \"C:\\.git\", que ser\u00eda recogida por las operaciones de Git ejecutadas supuestamente fuera de un repositorio mientras es buscado un directorio Git. Git respetar\u00eda entonces cualquier configuraci\u00f3n en dicho directorio Git. Los usuarios de Git Bash que configuren \"GIT_PS1_SHOWDIRTYSTATE\" tambi\u00e9n son vulnerables. Los usuarios que hayan instalado posh-git son vulnerables simplemente al iniciar un PowerShell. Los usuarios de IDEs como Visual Studio son vulnerables: la simple creaci\u00f3n de un nuevo proyecto ya leer\u00eda y respetar\u00eda la configuraci\u00f3n especificada en \"C:\\.git\\config\". Los usuarios del fork de Microsoft de Git son vulnerables simplemente al iniciar un Git Bash. El problema ha sido parcheado en Git para Windows versi\u00f3n v2.35.2. Los usuarios que no puedan actualizarse pueden crear la carpeta \".git\" en todas las unidades en las que sean ejecutados comandos de Git, y eliminar el acceso de lectura/escritura de esas carpetas como medida de mitigaci\u00f3n. Como alternativa, defina o ampl\u00ede \"GIT_CEILING_DIRECTORIES\" para que cubra el directorio _parent_ del perfil de usuario, por ejemplo, \"C:\\Users\" si el perfil de usuario es encontrado en \"C:\\Users\\my-user-name\""
}
],
"id": "CVE-2022-24765",
"lastModified": "2024-11-21T06:51:02.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T18:15:09.390",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213261"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GSD-2022-24765
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24765",
"description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.",
"id": "GSD-2022-24765",
"references": [
"https://security.archlinux.org/CVE-2022-24765",
"https://www.suse.com/security/cve/CVE-2022-24765.html",
"https://ubuntu.com/security/CVE-2022-24765",
"https://advisories.mageia.org/CVE-2022-24765.html",
"https://alas.aws.amazon.com/cve/html/CVE-2022-24765.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24765"
],
"details": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.",
"id": "GSD-2022-24765",
"modified": "2023-12-13T01:19:43.363821Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24765",
"STATE": "PUBLIC",
"TITLE": "Uncontrolled search for the Git directory in Git for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "git",
"version": {
"version_data": [
{
"version_value": "\u003c 2.35.2"
}
]
}
}
]
},
"vendor_name": "git-for-windows"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2",
"refsource": "CONFIRM",
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"name": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash",
"refsource": "MISC",
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"name": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode",
"refsource": "MISC",
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"name": "[oss-security] 20220412 git v2.35.2 and friends for CVE-2022-24765",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"name": "FEDORA-2022-e99ae504f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"name": "FEDORA-2022-3759ebabd2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"name": "FEDORA-2022-2fec5f30be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"name": "https://support.apple.com/kb/HT213261",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213261"
},
{
"name": "20220516 APPLE-SA-2022-05-16-8 Xcode 13.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"name": "FEDORA-2022-dfd7e7fc0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"name": "FEDORA-2022-2a5de7cb8b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"name": "FEDORA-2023-470c7ea49e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"name": "FEDORA-2023-e3c8abd37e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"name": "FEDORA-2023-1068309389",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"name": "FEDORA-2023-3ec32f6d4e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"name": "GLSA-202312-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202312-15"
}
]
},
"source": {
"advisory": "GHSA-vw2c-22j4-2fh2",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ACE235-32E1-429A-9A82-628C9D25CADE",
"versionEndExcluding": "2.35.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5ECCF-B646-4686-AE1E-6F1122B108BB",
"versionEndExcluding": "13.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`."
},
{
"lang": "es",
"value": "Git para Windows es un fork de Git que contiene parches espec\u00edficos para Windows. Esta vulnerabilidad afecta a usuarios que trabajan en m\u00e1quinas multiusuario, donde partes no confiables presentan acceso de escritura al mismo disco duro. Estas partes no confiables podr\u00edan crear la carpeta \"C:\\.git\", que ser\u00eda recogida por las operaciones de Git ejecutadas supuestamente fuera de un repositorio mientras es buscado un directorio Git. Git respetar\u00eda entonces cualquier configuraci\u00f3n en dicho directorio Git. Los usuarios de Git Bash que configuren \"GIT_PS1_SHOWDIRTYSTATE\" tambi\u00e9n son vulnerables. Los usuarios que hayan instalado posh-git son vulnerables simplemente al iniciar un PowerShell. Los usuarios de IDEs como Visual Studio son vulnerables: la simple creaci\u00f3n de un nuevo proyecto ya leer\u00eda y respetar\u00eda la configuraci\u00f3n especificada en \"C:\\.git\\config\". Los usuarios del fork de Microsoft de Git son vulnerables simplemente al iniciar un Git Bash. El problema ha sido parcheado en Git para Windows versi\u00f3n v2.35.2. Los usuarios que no puedan actualizarse pueden crear la carpeta \".git\" en todas las unidades en las que sean ejecutados comandos de Git, y eliminar el acceso de lectura/escritura de esas carpetas como medida de mitigaci\u00f3n. Como alternativa, defina o ampl\u00ede \"GIT_CEILING_DIRECTORIES\" para que cubra el directorio _parent_ del perfil de usuario, por ejemplo, \"C:\\Users\" si el perfil de usuario es encontrado en \"C:\\Users\\my-user-name\""
}
],
"id": "CVE-2022-24765",
"lastModified": "2023-12-27T10:15:37.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2022-04-12T18:15:09.390",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/31"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PTN5NYEHYN2OQSHSAMCNICZNK2U4QH6/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BENQYTDGUL6TF3UALY6GSIEXIHUIYNWM/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIKWISWUDFT2FAITYIA6372BVLH3OOOC/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVOLER2PIGMHPQMDGG4RDE2KZB74QLA2/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLP42KIZ6HACTVZMZLJLFJQ4W2XYT27M/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDZRZAL7QULOB6V7MKT66MOMWJLBJPX4/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YROCMBWYFKRSS64PO6FUNM6L7LKBUKVW/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213261"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:12003-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
git-2.35.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: git-2.35.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the git-2.35.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12003
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
60 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:git-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-arch-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-arch-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-arch-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-arch-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-core-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-core-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-core-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-core-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-cvs-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-cvs-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-cvs-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-cvs-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-daemon-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-daemon-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-daemon-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-daemon-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-doc-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-doc-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-doc-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-doc-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-email-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-email-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-email-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-email-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-gui-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-gui-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-gui-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-gui-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-p4-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-p4-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-p4-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-p4-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-svn-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-svn-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-svn-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-svn-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-web-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-web-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-web-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:git-web-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gitk-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gitk-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gitk-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:gitk-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:perl-Git-2.35.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:perl-Git-2.35.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:perl-Git-2.35.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:perl-Git-2.35.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
10 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2022-24765/ | self |
| https://www.suse.com/security/cve/CVE-2022-24765 | external |
| https://bugzilla.suse.com/1198234 | external |
| https://bugzilla.suse.com/1199109 | external |
| https://bugzilla.suse.com/1200119 | external |
| https://bugzilla.suse.com/1200201 | external |
| https://bugzilla.suse.com/1201431 | external |
| https://bugzilla.suse.com/1201794 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "git-2.35.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the git-2.35.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12003",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12003-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24765 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24765/"
}
],
"title": "git-2.35.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12003-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "git-2.35.3-1.1.aarch64",
"product": {
"name": "git-2.35.3-1.1.aarch64",
"product_id": "git-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-arch-2.35.3-1.1.aarch64",
"product": {
"name": "git-arch-2.35.3-1.1.aarch64",
"product_id": "git-arch-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-core-2.35.3-1.1.aarch64",
"product": {
"name": "git-core-2.35.3-1.1.aarch64",
"product_id": "git-core-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"product": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"product_id": "git-credential-gnome-keyring-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.35.3-1.1.aarch64",
"product": {
"name": "git-credential-libsecret-2.35.3-1.1.aarch64",
"product_id": "git-credential-libsecret-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.35.3-1.1.aarch64",
"product": {
"name": "git-cvs-2.35.3-1.1.aarch64",
"product_id": "git-cvs-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.35.3-1.1.aarch64",
"product": {
"name": "git-daemon-2.35.3-1.1.aarch64",
"product_id": "git-daemon-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-doc-2.35.3-1.1.aarch64",
"product": {
"name": "git-doc-2.35.3-1.1.aarch64",
"product_id": "git-doc-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-email-2.35.3-1.1.aarch64",
"product": {
"name": "git-email-2.35.3-1.1.aarch64",
"product_id": "git-email-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-gui-2.35.3-1.1.aarch64",
"product": {
"name": "git-gui-2.35.3-1.1.aarch64",
"product_id": "git-gui-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-p4-2.35.3-1.1.aarch64",
"product": {
"name": "git-p4-2.35.3-1.1.aarch64",
"product_id": "git-p4-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-svn-2.35.3-1.1.aarch64",
"product": {
"name": "git-svn-2.35.3-1.1.aarch64",
"product_id": "git-svn-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "git-web-2.35.3-1.1.aarch64",
"product": {
"name": "git-web-2.35.3-1.1.aarch64",
"product_id": "git-web-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "gitk-2.35.3-1.1.aarch64",
"product": {
"name": "gitk-2.35.3-1.1.aarch64",
"product_id": "gitk-2.35.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.35.3-1.1.aarch64",
"product": {
"name": "perl-Git-2.35.3-1.1.aarch64",
"product_id": "perl-Git-2.35.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.35.3-1.1.ppc64le",
"product": {
"name": "git-2.35.3-1.1.ppc64le",
"product_id": "git-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-arch-2.35.3-1.1.ppc64le",
"product": {
"name": "git-arch-2.35.3-1.1.ppc64le",
"product_id": "git-arch-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-core-2.35.3-1.1.ppc64le",
"product": {
"name": "git-core-2.35.3-1.1.ppc64le",
"product_id": "git-core-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"product": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"product_id": "git-credential-gnome-keyring-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.35.3-1.1.ppc64le",
"product": {
"name": "git-credential-libsecret-2.35.3-1.1.ppc64le",
"product_id": "git-credential-libsecret-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-cvs-2.35.3-1.1.ppc64le",
"product": {
"name": "git-cvs-2.35.3-1.1.ppc64le",
"product_id": "git-cvs-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-daemon-2.35.3-1.1.ppc64le",
"product": {
"name": "git-daemon-2.35.3-1.1.ppc64le",
"product_id": "git-daemon-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-doc-2.35.3-1.1.ppc64le",
"product": {
"name": "git-doc-2.35.3-1.1.ppc64le",
"product_id": "git-doc-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-email-2.35.3-1.1.ppc64le",
"product": {
"name": "git-email-2.35.3-1.1.ppc64le",
"product_id": "git-email-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-gui-2.35.3-1.1.ppc64le",
"product": {
"name": "git-gui-2.35.3-1.1.ppc64le",
"product_id": "git-gui-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-p4-2.35.3-1.1.ppc64le",
"product": {
"name": "git-p4-2.35.3-1.1.ppc64le",
"product_id": "git-p4-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-svn-2.35.3-1.1.ppc64le",
"product": {
"name": "git-svn-2.35.3-1.1.ppc64le",
"product_id": "git-svn-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "git-web-2.35.3-1.1.ppc64le",
"product": {
"name": "git-web-2.35.3-1.1.ppc64le",
"product_id": "git-web-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gitk-2.35.3-1.1.ppc64le",
"product": {
"name": "gitk-2.35.3-1.1.ppc64le",
"product_id": "gitk-2.35.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "perl-Git-2.35.3-1.1.ppc64le",
"product": {
"name": "perl-Git-2.35.3-1.1.ppc64le",
"product_id": "perl-Git-2.35.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.35.3-1.1.s390x",
"product": {
"name": "git-2.35.3-1.1.s390x",
"product_id": "git-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-arch-2.35.3-1.1.s390x",
"product": {
"name": "git-arch-2.35.3-1.1.s390x",
"product_id": "git-arch-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-core-2.35.3-1.1.s390x",
"product": {
"name": "git-core-2.35.3-1.1.s390x",
"product_id": "git-core-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.35.3-1.1.s390x",
"product": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.s390x",
"product_id": "git-credential-gnome-keyring-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.35.3-1.1.s390x",
"product": {
"name": "git-credential-libsecret-2.35.3-1.1.s390x",
"product_id": "git-credential-libsecret-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-cvs-2.35.3-1.1.s390x",
"product": {
"name": "git-cvs-2.35.3-1.1.s390x",
"product_id": "git-cvs-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-daemon-2.35.3-1.1.s390x",
"product": {
"name": "git-daemon-2.35.3-1.1.s390x",
"product_id": "git-daemon-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-doc-2.35.3-1.1.s390x",
"product": {
"name": "git-doc-2.35.3-1.1.s390x",
"product_id": "git-doc-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-email-2.35.3-1.1.s390x",
"product": {
"name": "git-email-2.35.3-1.1.s390x",
"product_id": "git-email-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-gui-2.35.3-1.1.s390x",
"product": {
"name": "git-gui-2.35.3-1.1.s390x",
"product_id": "git-gui-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-p4-2.35.3-1.1.s390x",
"product": {
"name": "git-p4-2.35.3-1.1.s390x",
"product_id": "git-p4-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-svn-2.35.3-1.1.s390x",
"product": {
"name": "git-svn-2.35.3-1.1.s390x",
"product_id": "git-svn-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "git-web-2.35.3-1.1.s390x",
"product": {
"name": "git-web-2.35.3-1.1.s390x",
"product_id": "git-web-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "gitk-2.35.3-1.1.s390x",
"product": {
"name": "gitk-2.35.3-1.1.s390x",
"product_id": "gitk-2.35.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "perl-Git-2.35.3-1.1.s390x",
"product": {
"name": "perl-Git-2.35.3-1.1.s390x",
"product_id": "perl-Git-2.35.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "git-2.35.3-1.1.x86_64",
"product": {
"name": "git-2.35.3-1.1.x86_64",
"product_id": "git-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-arch-2.35.3-1.1.x86_64",
"product": {
"name": "git-arch-2.35.3-1.1.x86_64",
"product_id": "git-arch-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-core-2.35.3-1.1.x86_64",
"product": {
"name": "git-core-2.35.3-1.1.x86_64",
"product_id": "git-core-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"product": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"product_id": "git-credential-gnome-keyring-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-credential-libsecret-2.35.3-1.1.x86_64",
"product": {
"name": "git-credential-libsecret-2.35.3-1.1.x86_64",
"product_id": "git-credential-libsecret-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-cvs-2.35.3-1.1.x86_64",
"product": {
"name": "git-cvs-2.35.3-1.1.x86_64",
"product_id": "git-cvs-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-daemon-2.35.3-1.1.x86_64",
"product": {
"name": "git-daemon-2.35.3-1.1.x86_64",
"product_id": "git-daemon-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-doc-2.35.3-1.1.x86_64",
"product": {
"name": "git-doc-2.35.3-1.1.x86_64",
"product_id": "git-doc-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-email-2.35.3-1.1.x86_64",
"product": {
"name": "git-email-2.35.3-1.1.x86_64",
"product_id": "git-email-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-gui-2.35.3-1.1.x86_64",
"product": {
"name": "git-gui-2.35.3-1.1.x86_64",
"product_id": "git-gui-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-p4-2.35.3-1.1.x86_64",
"product": {
"name": "git-p4-2.35.3-1.1.x86_64",
"product_id": "git-p4-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-svn-2.35.3-1.1.x86_64",
"product": {
"name": "git-svn-2.35.3-1.1.x86_64",
"product_id": "git-svn-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "git-web-2.35.3-1.1.x86_64",
"product": {
"name": "git-web-2.35.3-1.1.x86_64",
"product_id": "git-web-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "gitk-2.35.3-1.1.x86_64",
"product": {
"name": "gitk-2.35.3-1.1.x86_64",
"product_id": "gitk-2.35.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "perl-Git-2.35.3-1.1.x86_64",
"product": {
"name": "perl-Git-2.35.3-1.1.x86_64",
"product_id": "perl-Git-2.35.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.35.3-1.1.aarch64"
},
"product_reference": "git-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.35.3-1.1.ppc64le"
},
"product_reference": "git-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.35.3-1.1.s390x"
},
"product_reference": "git-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-2.35.3-1.1.x86_64"
},
"product_reference": "git-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.35.3-1.1.aarch64"
},
"product_reference": "git-arch-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.35.3-1.1.ppc64le"
},
"product_reference": "git-arch-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.35.3-1.1.s390x"
},
"product_reference": "git-arch-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-arch-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-arch-2.35.3-1.1.x86_64"
},
"product_reference": "git-arch-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.35.3-1.1.aarch64"
},
"product_reference": "git-core-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.35.3-1.1.ppc64le"
},
"product_reference": "git-core-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.35.3-1.1.s390x"
},
"product_reference": "git-core-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-core-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-core-2.35.3-1.1.x86_64"
},
"product_reference": "git-core-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.aarch64"
},
"product_reference": "git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.ppc64le"
},
"product_reference": "git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.s390x"
},
"product_reference": "git-credential-gnome-keyring-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-gnome-keyring-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.x86_64"
},
"product_reference": "git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.aarch64"
},
"product_reference": "git-credential-libsecret-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.ppc64le"
},
"product_reference": "git-credential-libsecret-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.s390x"
},
"product_reference": "git-credential-libsecret-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-credential-libsecret-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.x86_64"
},
"product_reference": "git-credential-libsecret-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.35.3-1.1.aarch64"
},
"product_reference": "git-cvs-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.35.3-1.1.ppc64le"
},
"product_reference": "git-cvs-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.35.3-1.1.s390x"
},
"product_reference": "git-cvs-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-cvs-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-cvs-2.35.3-1.1.x86_64"
},
"product_reference": "git-cvs-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.35.3-1.1.aarch64"
},
"product_reference": "git-daemon-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.35.3-1.1.ppc64le"
},
"product_reference": "git-daemon-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.35.3-1.1.s390x"
},
"product_reference": "git-daemon-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-daemon-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-daemon-2.35.3-1.1.x86_64"
},
"product_reference": "git-daemon-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.35.3-1.1.aarch64"
},
"product_reference": "git-doc-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.35.3-1.1.ppc64le"
},
"product_reference": "git-doc-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.35.3-1.1.s390x"
},
"product_reference": "git-doc-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-doc-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-doc-2.35.3-1.1.x86_64"
},
"product_reference": "git-doc-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.35.3-1.1.aarch64"
},
"product_reference": "git-email-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.35.3-1.1.ppc64le"
},
"product_reference": "git-email-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.35.3-1.1.s390x"
},
"product_reference": "git-email-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-email-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-email-2.35.3-1.1.x86_64"
},
"product_reference": "git-email-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.35.3-1.1.aarch64"
},
"product_reference": "git-gui-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.35.3-1.1.ppc64le"
},
"product_reference": "git-gui-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.35.3-1.1.s390x"
},
"product_reference": "git-gui-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-gui-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-gui-2.35.3-1.1.x86_64"
},
"product_reference": "git-gui-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.35.3-1.1.aarch64"
},
"product_reference": "git-p4-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.35.3-1.1.ppc64le"
},
"product_reference": "git-p4-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.35.3-1.1.s390x"
},
"product_reference": "git-p4-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-p4-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-p4-2.35.3-1.1.x86_64"
},
"product_reference": "git-p4-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.35.3-1.1.aarch64"
},
"product_reference": "git-svn-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.35.3-1.1.ppc64le"
},
"product_reference": "git-svn-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.35.3-1.1.s390x"
},
"product_reference": "git-svn-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-svn-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-svn-2.35.3-1.1.x86_64"
},
"product_reference": "git-svn-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.35.3-1.1.aarch64"
},
"product_reference": "git-web-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.35.3-1.1.ppc64le"
},
"product_reference": "git-web-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.35.3-1.1.s390x"
},
"product_reference": "git-web-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-web-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:git-web-2.35.3-1.1.x86_64"
},
"product_reference": "git-web-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.35.3-1.1.aarch64"
},
"product_reference": "gitk-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.35.3-1.1.ppc64le"
},
"product_reference": "gitk-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.35.3-1.1.s390x"
},
"product_reference": "gitk-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gitk-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gitk-2.35.3-1.1.x86_64"
},
"product_reference": "gitk-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.35.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.35.3-1.1.aarch64"
},
"product_reference": "perl-Git-2.35.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.35.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.35.3-1.1.ppc64le"
},
"product_reference": "perl-Git-2.35.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.35.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.35.3-1.1.s390x"
},
"product_reference": "perl-Git-2.35.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Git-2.35.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:perl-Git-2.35.3-1.1.x86_64"
},
"product_reference": "perl-Git-2.35.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24765"
}
],
"notes": [
{
"category": "general",
"text": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24765",
"url": "https://www.suse.com/security/cve/CVE-2022-24765"
},
{
"category": "external",
"summary": "SUSE Bug 1198234 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1198234"
},
{
"category": "external",
"summary": "SUSE Bug 1199109 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1199109"
},
{
"category": "external",
"summary": "SUSE Bug 1200119 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1200119"
},
{
"category": "external",
"summary": "SUSE Bug 1200201 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1200201"
},
{
"category": "external",
"summary": "SUSE Bug 1201431 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1201431"
},
{
"category": "external",
"summary": "SUSE Bug 1201794 for CVE-2022-24765",
"url": "https://bugzilla.suse.com/1201794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-arch-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-core-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-gnome-keyring-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-credential-libsecret-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-cvs-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-daemon-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-doc-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-email-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-gui-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-p4-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-svn-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:git-web-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:gitk-2.35.3-1.1.x86_64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.aarch64",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.ppc64le",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.s390x",
"openSUSE Tumbleweed:perl-Git-2.35.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-24765"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…