CVE-2018-3785
https://notcve.org/view.php?id=CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. Una inyección de comandos en git-dummy-commit v1.3.0 permite ejecutar comandos a nivel de sistema operativo debido a un parámetro no escapado. • https://hackerone.com/reports/341710 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-1000182
https://notcve.org/view.php?id=CVE-2018-1000182
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Existe una vulnerabilidad Server-Side Request Forgery en el plugin Git en versiones 3.9.0 y anteriores de Jenkins en AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java y ViewGitWeb.java que permite que los atacantes con acceso Overall/Read provoquen que Jenkins envíe una petición GET a un URL específico. • https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-11235 – git: arbitrary code execution when recursively cloning a malicious repository
https://notcve.org/view.php?id=CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. En Git, en versiones anteriores a la 2.13.7, versiones 2.14.x anteriores a la 2.14.4, versiones 2.15.x anteriores a la 2.15.2, versiones 2.16.x anteriores a la 2.16.4 y versiones 2.17.x anteriores a la 2.17.1, puede ocurrir una ejecución remota de código. Con un archivo .gitmodules manipulado, un proyecto malicioso puede ejecutar un script arbitrario en una máquina que ejecuta "git clone --recurse-submodules" debido a que se obtienen "nombres" de subdominios de este archivo y luego se anexa a $GIT_DIR/modules, lo que conduce a un salto de directorio con "../" en un nombre. • https://github.com/Rogdham/CVE-2018-11235 https://github.com/CHYbeta/CVE-2018-11235-DEMO https://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CE https://github.com/j4k0m/CVE-2018-11235 https://github.com/knqyf263/CVE-2018-11235 https://github.com/AnonymKing/CVE-2018-11235 https://github.com/ygouzerh/CVE-2018-11235 https://github.com/vmotos/CVE-2018-11235 https://github.com/xElkomy/CVE-2018-11235 https://github.com/jhswartz/CVE-2018-11235 https://github.com • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-11233 – git: path sanity check in is_ntfs_dotgit() can read arbitrary memory
https://notcve.org/view.php?id=CVE-2018-11233
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. En Git, en versiones anteriores a la 2.13.7, versiones 2.14.x anteriores a la 2.14.4, versiones 2.15.x anteriores a la 2.15.2, versiones 2.16.x anteriores a la 2.16.4 y versiones 2.17.x anteriores a la 2.17.1, el código para comprobar el saneamiento de los nombres de ruta en NTFS puede resultar en la lectura de memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://www.securityfocus.com/bid/104346 http://www.securitytracker.com/id/1040991 https://access.redhat.com/errata/RHSA-2018:2147 https://marc.info/?l=git&m=152761328506724&w=2 https://security.gentoo.org/glsa/201805-13 https://usn.ubuntu.com/3671-1 https://access.redhat.com/security/cve/CVE-2018-11233 https://bugzilla.redhat.com/show_bug.cgi?id=1583888 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2018-1000110
https://notcve.org/view.php?id=CVE-2018-1000110
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Existe una vulnerabilidad de autorización incorrecta en el plugin Git para Jenkins, en versiones 3.7.0 y anteriores, en GitStatus.java que permite que un atacante con acceso de red obtenga una lista de nodos y usuarios. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723 • CWE-863: Incorrect Authorization •