CVE-2018-11235

Published: 30/05/2018 Updated: 02/05/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 614
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Git prior to 2.13.7, 2.14.x prior to 2.14.4, 2.15.x prior to 2.15.2, 2.16.x prior to 2.16.4, and 2.17.x prior to 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
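As an added example (not Git's own code and not taken from this page), the check below reads `.gitmodules` content and flags any submodule name that would resolve outside `$GIT_DIR/modules`, which is the condition the summary describes. The function names and the sample file are constructed for illustration.

```python
import posixpath
import re

# Matches a `[submodule "<name>"]` header; the name may contain \" and \\ escapes.
HEADER = re.compile(r'^\s*\[submodule\s+"((?:[^"\\]|\\.)*)"\s*\]')


def submodule_names(gitmodules_text):
    """Yield each submodule name declared in .gitmodules content."""
    for line in gitmodules_text.splitlines():
        m = HEADER.match(line)
        if m:
            # Undo git-config escaping (\" and \\) inside the quoted name.
            yield re.sub(r'\\(.)', r'\1', m.group(1))


def escapes_modules_dir(name, git_dir=".git"):
    """True if <git_dir>/modules/<name> would land outside <git_dir>/modules."""
    if not name:
        return True
    # Refuse any ".." path component, with either separator.
    if ".." in re.split(r'[/\\]', name):
        return True
    base = posixpath.join(git_dir, "modules")
    target = posixpath.normpath(posixpath.join(base, name.replace("\\", "/")))
    # Also catches absolute names and names that normalise to the base itself.
    return not target.startswith(base + "/")


def audit(gitmodules_text):
    """Return the submodule names that fail the containment check."""
    return [n for n in submodule_names(gitmodules_text) if escapes_modules_dir(n)]


# Constructed sample: one ordinary submodule, one with a traversing name.
SAMPLE = '''\
[submodule "vendor/libfoo"]
\tpath = vendor/libfoo
\turl = https://example.invalid/libfoo.git
[submodule "../../outside/x"]
\tpath = x
\turl = https://example.invalid/x.git
'''

if __name__ == "__main__":
    for bad in audit(SAMPLE):
        print("suspicious submodule name:", bad)
```

Run against the `.gitmodules` blob of a repository before cloning it with `--recurse-submodules`; it complements upgrading Git to a fixed version and does not replace it.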

Vulnerable Product

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 18.04

canonical ubuntu linux 17.10

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

redhat enterprise linux workstation 7.0

redhat enterprise linux 7.0

redhat enterprise linux server eus 7.5

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

git-scm git

git-scm git 2.17.0

gitforwindows git

Vendor Advisories

Synopsis: Important: git security update. Type/Severity: Security Advisory: Important. Topic: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
Synopsis: Important: rh-git29-git security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-git29-git is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Several security issues were fixed in Git ...
Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file. For the oldstable distribution (jessie), this problem has been fixed in version 1:2.1.4-2.1+deb8u6. For the stable distribution (s ...
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory (CVE-2018-11233). In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution c ...
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and the ...
A security issue has been found in git before 2.17.1. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, ...

Exploits

Git versions prior to 2.17.1 suffer from a code execution vulnerability ...
This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability ...

Github Repositories

Awesome List of my own!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly (3) Awk (1) Batchfile (1) C (61) C# (5) C++ (70) CSS (5) CoffeeScript (2) Cuda (1) Dart (3) Dockerfile (2) Go (134) Groovy (1) HTML (17) Haskell (3) Isabelle (1) Java (78) JavaScript (71) Jsonnet (3) Jupyter Notebook (7) Kotlin (5) Lua (2) Makefile (2) Nix (2) OCaml (14) Objective-C

PoC exploit for CVE-2018-11235. GitHub is not allowing me to push a repository exploiting the vulnerability (good point for them), so you will have to build it yourself by running the build.sh script. Then, push the repository somewhere. When you clone it with the --recurse-submodules flag, the evil script is executed: $ git clone --recurse-submodules repo dest_dir Cloning into

CVE-2018-11235 Usage chybeta@ubuntu ~> git clone github.com/CHYbeta/CVE-2018-11235-DEMO.git chybeta@ubuntu ~> cd CVE-2018-11235-DEMO chybeta@ubuntu ~/CVE-2018-11235-DEMO> /usr/local/bin/git --version git version 2.17.0 chybeta@ubuntu ~/CVE-2018-11235-DEMO> ./build.sh

CVE-2018-11235: Git Submodule RCE

exploit CVE-2018-11235: Git Submodule RCE

CVE-2018-11235 Exploit Title: Git (code execution) Date: 2018-05-29 Exploit Author: Jameel Nabbo Website: jameelnabbo.com Vendor Homepage: github.com/git/git CVE: CVE-2018-11235 Version: <=2.17.1 Tested on Kali Linux Exploit DB: www.exploit-db.com/exploits/44822/ P0C: Check the files in this Repository commit.sh pwned.sh

for git v2.7.4

CVE-2018-11235-poc for version v2.7.4 References 1. CHYbeta's poc 2. CVE-2018-11235 - Quick & Dirty PoC

Exploits CVE-2018-11235

Headers Exploit Title: Clone and Pwn Date: June 4th, 2018 Exploit Author: Alejandro Caceres Vendor Homepage: git-scm.com/ Software Link: git-scm.com/downloads Version: arbitrary code is executed on git client versions In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1 Tested on: Linux: Ubuntu, Mint, M

CVE-2018-11235-Git-Submodule-CE + Docker Ngrok Configuration

CVE-2018-11235-Git-Submodule-CE + Docker Ngrok Configuration CVE-2018-11235-Git PoC and tunneling with docker ngrok Build Dockerfile $ docker build -t cve-2018-11235 Create custom network for ngrok $ docker network create myngroknet Start Git Http Server $ docker run -d -p 8080:80 --net myngroknet -

PoC exploit for CVE-2018-11235 allowing RCE on git clone --recurse-submodules

PoC exploit for CVE-2018-11235 repository: REDACTED/2018-11235_PoCgit/ return: Submodule 'aaa' (repo1) registered for path 'aaa' Submodule '//fakegit/modules/evil' (repo2) registered for path 'evil' Submodule path 'aaa': checked out '9c48e0a785dec84cb252677a8a7d55feaeac056c' Submodule pa

git {<2.13.7, <2.14.4, <2.15.2, <2.16.4, <2.17.1} remote code execution

CVE-2018-11235 Consult the National Vulnerability Database (CVE-2018-11235) for further information. Proof of Concept $ mkdir /tmp/cve-2018-11235 $ cd /tmp/cve-2018-11235 $ git init module $ cd module $ > BLANK $ git add BLANK $ git commit -m "This page intentionally left blank" $ cd $ git init repository $ cd repository $ git submodule add /module modul

CVE-2018-11235 (Git)

CVE-2018-11235 CVE-2018-11235

CVE-2018-11235(PoC && Exp)

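CVE-2018-11235 Vulnerability overview Vulnerability name: Git security vulnerability CNNVD ID: CNNVD-201805-1020 Severity: High CVE ID: CVE-2018-11235 Vulnerability type: Security feature issue Published: 2018-05-31 Threat type: Remote Updated: 2019-04-01 Vendor: git-scm Vulnerability source: Vulnerability description: Git, developed by the American software developer Linus Torvalds, is a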

All the content from my Troopers 19 talk

Troopers 19 This repository contains all the content from the talk I gave at Troopers 19. Abstract Link: www.troopers.de/troopers19/agenda/e93wet/ Supply-chain attacks have come to the fore recently, with more and more companies moving towards DevOps. This talk demonstrates attacks against the software used to manage and download source code and how this affects the who

Proof of Concept - RCE Exploitation : Git submodules' names vulnerability - Ensimag November 2018

CVE-2018-11235 Getting started To build the Docker containers, use: make docker (The following make commands are to be run in parallel in different terminals on your machine) To start the attacker server container, use: make run_server to

Hi 🤖 Just an empty repo to exploit CVE-2018-11235

Hi 🤖 Just an empty repo to exploit CVE-2018-11235

RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235)

CVE-2018-11235 RCE vulnerability to exec "git clone --recurse-submodule" (CVE-2018-11235 )

CVE-2018-11235-Git PoC

CVE-2018-11235-Git-Submodule-CE CVE-2018-11235-Git PoC Pull from Docker docker pull qweraqq/cve-2018-11235-git-submodule-rce Start Git Http Server docker run -d -p 8080:80 qweraqq/cve-2018-11235-git-submodule-rce PoC git clone --recurse-submodules gitgitserver/maliciousgit

Hello Just an empty repo to exploit CVE-2018-11235

Hello Just an empty repo to exploit CVE-2018-11235

RCE_COLLECT github.com/shengqi158/fastjson-remote-code-execute-poc CVE-2018-802: github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021 CVE-2018-11235: github.com/JameelNabbo/git-remote-code-execution CVE-2018-15133: github.com/kozmic/laravel-poc-CVE-2018-15133

Auto malicious git repository creation to exploit CVE-2018-11235 a Remote Code Execution using Git Sub module.

CVE-2018-11235 Auto malicious git repository creation to exploit CVE-2018-11235, a Remote Code Execution using Git Sub module. Blog Post: devblogs.microsoft.com/devops/announcing-the-may-2018-git-security-vulnerability/

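CVE-2017-1000117 vulnerability reproduction (PoC+Exp)

CVE-2017-1000117 Project overview One of the selected topics for a network security course project: reproduction of the CVE-2017-1000117 vulnerability (PoC+Exp) Git + SSH Vulnerability overview: Vulnerability name: Git command injection vulnerability CNNVD ID: CNNVD-201708-670 Severity: Medium CVE ID: CVE-2017-1000117 Vulnerability type: Command injection Published: 2017-08-16 Threat type: Remote Updated: 2017-10-17 Vendor: git-scm

CVE-2018-17456 vulnerability reproduction (PoC+Exp)

CVE-2018-17456 Vulnerability overview Vulnerability name: Git input validation error vulnerability CNNVD ID: CNNVD-201810-234 Severity: Critical CVE ID: CVE-2018-17456 Vulnerability type: Input validation error Published: 2018-10-08 Threat type: Remote Updated: 2019-04-25 Vendor: debian Vulnerability source: Atlassian, TerryZh Vulnerability description: Git is a free, open-source distributed version control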

Recent Articles

Git security vulnerability could lead to an attack of the (repo) clones
The Register • Richard Speed • 30 May 2018

Best git patching y'all

A new version of Git has been emitted to ward off attempts to exploit a potential arbitrary code execution vulnerability – which can be triggered by merely cloning a malicious repository. The security hole, CVE-2018-11235, reported by Etienne Stalmans, stems from a flaw in Git whereby sub-module names supplied by the .gitmodules file are not properly validated when appended to $GIT_DIR/modules. Including "../" in a name could result in directory hopping. Post-checkout hooks could then be execu...