CVE-2022-24975 Information

Description

The –mirror documentation for Git through 2.35.1 does not mention the availability of deleted content aka the \GitBleed\ issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the –mirror option.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/ https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5