Today > 1 Critical | 5 High | 21 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-32465

May 14, 2024, 8:15 p.m.

CVSS Score

7.3 / 10

Product(s) Impacted

Git

  • 2.45.1
  • 2.44.1
  • 2.43.4
  • 2.42.2
  • 2.41.1
  • 2.40.2
  • 2.39.4

Description

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.

Weaknesses

Date

Published: May 14, 2024, 8:15 p.m.

Last Modified: May 14, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVSS Data

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
7.3
Exploitability Score
Impact Score
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

https://git-scm.com/ security-advisories@github.com

https://git-scm.com/ security-advisories@github.com

https://github.com/ security-advisories@github.com

https://github.com/ security-advisories@github.com