CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-25652 – "git apply --reject" partially-controlled arbitrary file write
https://notcve.org/view.php?id=CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. • http://www.openwall.com/lists/oss-security/2023/04/25/2 https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902 https://github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7 https://lists.fe • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22743 – Git for Windows' installer is susceptible to DLL side loading attacks
https://notcve.org/view.php?id=CVE-2023-22743
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. • https://attack.mitre.org/techniques/T1574/002 https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1 https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3 https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq https://learn.microsoft.com/en-us/windows/win32/controls/cookbook-overview?redirectedfrom=MSDN#using-comctl32dll-version-6-in-an-application-that-uses-only-standard-extensions https://learn.microsoft.com/en-us/windows/win32& • CWE-426: Untrusted Search Path •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23618 – gitk can inadvertently call executables in the worktree
https://notcve.org/view.php?id=CVE-2023-23618
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories. • https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1 https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm https://wiki.tcl-lang.org/page/exec • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2023-23946 – Git's `git apply` overwriting paths outside the working tree
https://notcve.org/view.php?id=CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. A vulnerability was found in Git. • https://github.com/bruno-1337/CVE-2023-23946-POC https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-22490 – Git vulnerable to local clone-based data exfiltration with non-local transports
https://notcve.org/view.php?id=CVE-2023-22490
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. • https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.gentoo.org/glsa/202312-15 https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •