CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2022-23521 – gitattributes parsing integer overflow in git
https://notcve.org/view.php?id=CVE-2022-23521
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89 https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2022-23521 https://bugzilla.redhat.com/show_bug.cgi?id=2162055 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). • https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2022-41903 https://bugzilla.redhat.com/show_bug.cgi?id=2162056 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41953 – Git clone remote code execution vulnerability in git-for-windows
https://notcve.org/view.php?id=CVE-2022-41953
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. • https://github.com/git-for-windows/git/commit/7360767e8dfc1895a932324079f7d45d7791d39f https://github.com/git-for-windows/git/pull/4219 https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c https://www.tcl.tk/man/tcl8.6/TclCmd/exec.html#M23 • CWE-426: Untrusted Search Path •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38663
https://notcve.org/view.php?id=CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. Jenkins Git Plugin versiones 4.11.4 y anteriores, no enmascara apropiadamente (es decir, reemplaza con asteriscos) las credenciales en el registro de construcción proporcionado por el enlace de credenciales Git Username and Password ("gitUsernamePassword"). • http://www.openwall.com/lists/oss-security/2022/08/23/2 https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2796 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36884 – plugin: Lack of authentication mechanism in Git Plugin webhook
https://notcve.org/view.php?id=CVE-2022-36884
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. El endpoint de webhook en Jenkins Git Plugin versiones4.11.3 y anteriores, proporciona a atacantes no autenticados información sobre la existencia de trabajos configurados para usar un repositorio Git especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 https://access.redhat.com/security/cve/CVE-2022-36884 https://bugzilla.redhat.com/show_bug.cgi?id=2119657 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •