CVE-2019-1348 Information

Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is also exposed via the in-stream command feature export-marks=… and it allows overwriting arbitrary paths.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
https://access.redhat.com/errata/RHSA-2020:0228
https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/u
https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/
https://security.gentoo.org/glsa/202003-30
https://security.gentoo.org/glsa/202003-42
https://support.apple.com/kb/HT210729

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

3.3

Base Severity

LOW
