exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2022-24765

Status Candidate

Overview

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

Related Files

Red Hat Security Advisory 2024-0407-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0407-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765
SHA-256 | 23b4891abed874759d963fa79966779673c8b9041935c19ad2b78eca7ec99bf4
Gentoo Linux Security Advisory 202312-15
Posted Dec 27, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202312-15 - Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. Versions greater than or equal to 2.39.3 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007
SHA-256 | 40da540c38bd337ca3d0a368d288902ef88dd450d5f78bccef5cef2ef2758381
Red Hat Security Advisory 2023-2859-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2859-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260
SHA-256 | 5972862db2b99cd76fbd52618d485ef63597c8d8a998aba739b194b445e06598
Red Hat Security Advisory 2023-2319-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2319-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260
SHA-256 | 2098c73a1f8398640e4aea36237386bb82d33a6b03b5e3b2b5cb62059184e459
Debian Security Advisory 5332-1
Posted Jan 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.

tags | advisory, remote, arbitrary, shell, local, code execution
systems | linux, debian
advisories | CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903
SHA-256 | da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641d
Ubuntu Security Notice USN-5511-1
Posted Jul 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5511-1 - Carlo Marcelo Arenas Belon discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-24765, CVE-2022-29187
SHA-256 | 2187042902f29974eefb77be62b823733a9b3d98380581f7bb2aa7ceb8e00186
Apple Security Advisory 2022-05-16-8
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.

tags | advisory
systems | apple
advisories | CVE-2022-24765, CVE-2022-26747
SHA-256 | c266aa12d798ccdb031d143994f826f99d717c888f235ee75d57e681c3161798
Ubuntu Security Notice USN-5376-2
Posted Apr 26, 2022
Site security.ubuntu.com

Ubuntu Security Notice 5376-2 - USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.04 LTS. 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.

advisories | CVE-2022-24765
Ubuntu Security Notice USN-5376-1
Posted Apr 13, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5376-1 - 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-24765
SHA-256 | 3b2b24b2e408dd5b955b1779628e7854a08ca7ba76b3490af417073560f489cd
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close