CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2020-11008 – Malicious URLs can still cause Git to send a stored credential to the wrong server
https://notcve.org/view.php?id=CVE-2020-11008
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://seclists.org/fulldisclosure/2020/May/41 https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNW • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 2CVE-2020-5260 – malicious URLs may cause Git to present stored credentials to the wrong server
https://notcve.org/view.php?id=CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. • https://github.com/sv3nbeast/CVE-2020-5260 https://github.com/Asgavar/CVE-2020-5260 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html http://www.openwall.com/lists/oss-security/2020/04/15/5 http://www.openwall.com/lists/oss-security/2020/04/15/6 http://www.openwall.com/lists/oss-security&#x • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2136 – jenkins-git-plugin: stored cross-site scripting
https://notcve.org/view.php?id=CVE-2020-2136
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Jenkins Git Plugin versiones 4.2.0 y anteriores, no escapa al mensaje de error de la URL del repositorio para la comprobación del formulario del campo TFS de Microsoft, resultando en una vulnerabilidad de tipo cross-site scripting almacenado. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1723 https://access.redhat.com/security/cve/CVE-2020-2136 https://bugzilla.redhat.com/show_bug.cgi?id=1819074 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 1CVE-2019-19604
https://notcve.org/view.php?id=CVE-2019-19604
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. Una ejecución de comandos arbitrarios es posible en Git versiones anteriores a 2.20.2, versiones 2.21.x anteriores a 2.21.1, versiones 2.22.x anteriores a 2.22.2, versiones 2.23.x anteriores a 2.23.1 y versiones 2.24.x anteriores a 2.24.1, porque una operación "git submodule update" puede ejecutar comandos encontrados en el archivo .gitmodules de un repositorio malicioso. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://www.openwall.com/lists/oss-security/2019/12/13/1 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCYSSCA5ZTEP46SB4XRPSQGFV2L3NKMZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mes • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1003010
https://notcve.org/view.php?id=CVE-2019-1003010
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. Existe una vulnerabilidad Cross-Site Request Forgery (CSRF) en Jenkins Git Plugin, en versiones 3.9.1 y anteriores, en src/main/java/hudson/plugins/git/GitTagAction.java, que permite que los atacantes creen una etiqueta Git en un espacio de trabajo y adjunten los metadatos correspondientes a un registro de builds. • https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1095 • CWE-352: Cross-Site Request Forgery (CSRF) •