CVSS: 7.5EPSS: 0%CPEs: 124EXPL: 0CVE-2017-1000092
https://notcve.org/view.php?id=CVE-2017-1000092
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server. El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la validación de formularios. Un atacante que no tenga acceso directo a Jenkins pero que pueda adivinar un ID de credenciales de nombre de usuario/contraseña podría engañar a un desarrollador con permisos de configuración de tareas para que acceda a un enlace con una URL Jenkins manipulada con fines maliciosos, lo que puede provocar que el cliente de Git de Jenkins envíe el nombre de usuario y la contraseña a un servidor controlado por el atacante. • http://www.securityfocus.com/bid/100435 https://jenkins.io/security/advisory/2017-07-10 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2017-14867
https://notcve.org/view.php?id=CVE-2017-14867
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. Git en versiones anteriores a la 2.10.5, las versiones 2.11.x anteriores a 2.11.4, las 2.12.x anteriores a2.12.5, las 2.13.x anteriores a 2.13.6 y las 2.14.x anteriores a 2.14.2 emplean scripts de Perl no seguros para dar soporte a subcomandos como cvsserver. Esto permite que los atacantes ejecuten comandos arbitrarios del sistema operativo mediante metacaracteres shell en un nombre de módulo. El código vulnerable puede alcanzarse mediante git-shell incluso sin soporte para CVS. • http://www.openwall.com/lists/oss-security/2017/09/26/9 http://www.securityfocus.com/bid/101060 http://www.securitytracker.com/id/1039431 https://bugs.debian.org/876854 https://lists.debian.org/debian-security-announce/2017/msg00246.html https://public-inbox.org/git/xmqqy3p29ekj.fsf%40gitster.mtv.corp.google.com/T/#u https://www.debian.org/security/2017/dsa-3984 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 55%CPEs: 51EXPL: 21CVE-2017-1000117 – Malicious Git HTTP Server For CVE-2017-1000117
https://notcve.org/view.php?id=CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. Un tercero malicioso puede proporcionar una URL "ssh://..." manipulada a una víctima desprevenida y un intento de visita a la URL puede resultar en que se ejecute cualquier programa que exista en la máquina de la víctima. Dicha URL podría colocarse en el archivo .gitmodules de un proyecto malicioso y una víctima desprevenida podría ser engañada para que ejecute "git clone --recurse-submodules" para desencadenar esta vulnerabilidad. • https://www.exploit-db.com/exploits/42599 https://github.com/greymd/CVE-2017-1000117 https://github.com/Manouchehri/CVE-2017-1000117 https://github.com/VulApps/CVE-2017-1000117 https://github.com/timwr/CVE-2017-1000117 https://github.com/rootclay/CVE-2017-1000117 https://github.com/ieee0824/CVE-2017-1000117 https://github.com/ieee0824/CVE-2017-1000117-sl https://github.com/AnonymKing/CVE-2017-1000117 https://github.com/nkoneko/CVE-2017-1000117 https://github.com/Shadow • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 13%CPEs: 10EXPL: 0CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVSS: 9.8EPSS: 8%CPEs: 23EXPL: 0CVE-2015-7545 – git: arbitrary code execution via crafted URLs
https://notcve.org/view.php?id=CVE-2015-7545
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. El (1) git-remote-ext y (2) otros programas de ayuda remotos no especificados en Git en versiones anteriores a 2.3.10, 2.4.x en versiones anteriores a 2.4.10, 2.5.x en versiones anteriores a 2.5.4 y 2.6.x en versiones anteriores a 2.6.1 no restringen correctamente los protocolos permitidos, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de una URL en un (a) archivo .gitmodules u (b) otras fuentes desconocidas en un submódulo. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html http://rhn.redhat.com/errata/RHSA-2015-2515.html http://www.debian.org/security/2016/dsa-3435 http://www.openwall.com/lists/oss-security/2015/12/08/5 http://www.openwall.com/lists/oss-security/2015/12/09/8 http://www.openwall.com/lists/oss-security/2015/12/11/7 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •