Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git git vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provide...
Git Git
Git-scm Git
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Opensuse Leap 15.1
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
5
CVSSv2
CVE-2020-9708
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-for...
Adobe Git-server
10
CVSSv2
CVE-2015-8969
git-fastclone prior to 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.
Squareup Git-fastclone
6.8
CVSSv2
CVE-2016-7793
sociomantic-tsunami git-hub prior to 0.10.3 allows remote malicious users to execute arbitrary code via a crafted repository URL.
Sociomantic Git-hub
NA
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
3.5
CVSSv2
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
9.3
CVSSv2
CVE-2015-8968
git-fastclone prior to 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an un...
Squareup Git-fastclone
3.5
CVSSv2
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
3.5
CVSSv2
CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and previous versions does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Git Parameter
2.1
CVSSv2
CVE-2017-1000242
Jenkins Git Client Plugin 2.4.2 and previous versions creates temporary file with insecure permissions resulting in information disclosure
Jenkins Git Client
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »