ALT-PU-2017-1592-1
Closed vulnerabilities
Published: 2017-06-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2017:1422
- openSUSE-SU-2017:1422
- [git] 20170510 [ANNOUNCE] Git v2.12.3 and others
- [git] 20170510 [ANNOUNCE] Git v2.12.3 and others
- DSA-3848
- DSA-3848
- 98409
- 98409
- 1038479
- 1038479
- USN-3287-1
- USN-3287-1
- RHSA-2017:2004
- RHSA-2017:2004
- RHSA-2017:2491
- RHSA-2017:2491
- https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
- https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
- https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
- https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
- FEDORA-2017-01a7989fc0
- FEDORA-2017-01a7989fc0
- FEDORA-2017-f4319b6dfc
- FEDORA-2017-f4319b6dfc
- FEDORA-2017-7ea0e02914
- FEDORA-2017-7ea0e02914
- GLSA-201706-04
- GLSA-201706-04