CVE-2022-29187 – Bypass of safe.directory protections in Git
https://notcve.org/view.php?id=CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. • http://seclists.org/fulldisclosure/2022/Nov/1 http://www.openwall.com/lists/oss-security/2022/07/14/1 https://github.blog/2022-04-12-git-security-vulnerability-announced https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-282: Improper Ownership Management CWE-427: Uncontrolled Search Path Element •
CVE-2022-30947
https://notcve.org/view.php?id=CVE-2022-30947
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. El Plugin Git de Jenkins versiones 4.11.1 y anteriores, permiten a atacantes configurar los pipelines para comprobar algunos repositorios SCM almacenados en el sistema de archivos del controlador de Jenkins usando rutas locales como URLs SCM, obteniendo información limitada sobre los contenidos SCM de otros proyectos • http://www.openwall.com/lists/oss-security/2022/05/17/8 https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478 •
CVE-2022-24765 – Uncontrolled search for the Git directory in Git for Windows
https://notcve.org/view.php?id=CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. • http://seclists.org/fulldisclosure/2022/May/31 http://www.openwall.com/lists/oss-security/2022/04/12/7 https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor • CWE-427: Uncontrolled Search Path Element •
CVE-2022-24975
https://notcve.org/view.php?id=CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. La documentación --mirror para Git versiones hasta 2.35.1, no menciona la disponibilidad del contenido eliminado, también se conoce como el problema "GitBleed". Esto podría presentar un riesgo de seguridad si los procesos de auditoría de divulgación de información dependen de una operación de clonación sin la opción --mirror • https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191 https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-21684 – jenkins-2-plugins/git: stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2021-21684
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. El plugin Git de Jenkins versiones 4.8.2 y anteriores, no escapa a los parámetros de suma de comprobación Git SHA-1 proporcionados a las notificaciones de commit cuando se muestran en una causa de construcción, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Git plugin. Due to not escaping the Git SHA-1 checksum parameters provided to commit notifications, an attacker is able to submit crafted commit notifications to the `/git/notifyCommit` endpoint. • http://www.openwall.com/lists/oss-security/2021/10/06/1 https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2499 https://access.redhat.com/security/cve/CVE-2021-21684 https://bugzilla.redhat.com/show_bug.cgi?id=2011949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •