Published: 06/10/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 843

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Git prior to 2.14.5, 2.15.x prior to 2.15.3, 2.16.x prior to 2.16.5, 2.17.x prior to 2.17.2, 2.18.x prior to 2.18.1, and 2.19.x prior to 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

Vulnerable Product	Search on Vulmon	Subscribe to Product
git-scm git
redhat enterprise linux 7.6
redhat ansible tower 3.3
redhat enterprise linux 6.0
redhat enterprise linux 7.5
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.6
redhat enterprise linux 6.7
redhat enterprise linux 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux 7.0
redhat enterprise linux 7.4
redhat enterprise linux server eus 7.6
redhat enterprise linux workstation 7.0
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
debian debian linux 9.0

Git could be made to run programs as your login if it recursively opened a malicious git repository ...

Synopsis Critical: Red Hat Ansible Tower 331-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 331 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...

Synopsis Important: git security update Type/Severity Security Advisory: Important Topic An update for git is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

Synopsis Important: git security update Type/Severity Security Advisory: Important Topic An update for git is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...

Synopsis Important: rh-git29-git security update Type/Severity Security Advisory: Important Topic An update for rh-git29-git is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...

joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted gitmodules file in a project cloned with --recurse-submodules For the stable distribution (stretch), this problem has been fixed in version 1:2110-3+deb9u4 We recommend ...

Git before 2145, allows remote code execution during processing of a recursive "git clone" of a superproject if a gitmodules file has a URL field beginning with a '-' character(CVE-2018-17456) ...

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine ...

A security issue has been found in git versions prior to 2191, which allows an attacker to execute arbitrary code by crafting a malicious gitmodules file in a project cloned with --recurse-submodules When running "git clone --recurse-submodules", Git parses the supplied gitmodules file for a URL field and blindly passes it as an argument to a ...

These releases fix a security flaw (CVE-2018-17456), which allowed an attacker to execute arbitrary code by crafting a malicious gitmodules file in a project cloned with --recurse-submodules When running "git clone --recurse-submodules", Git parses the supplied gitmodules file for a URL field and blindly passes it as an argument to a "git clone ...

# CVE-2018-17456 I've gotten a couple of questions about exploitation for the [recent RCE](marcinfo/?l=git&m=153875888916397&w=2) in Git So here we go with some technical details ## TL;DR [Here](githubcom/joernchen/poc-submodule) is a PoC repository EDB Note: Mirror ~ githubcom/offensive-security/exploitdb-b ...

This Metasploit module exploits CVE-2018-17456, which affects Git versions 2145, 2153, 2165, 2172, 2181, and 2191 and lower When a submodule url which starts with a dash eg "-u/payload" is passed as an argument to git clone, the file "payload" inside the repository is executed This Metasploit module creates a fake git repository whi ...

Updated releases address a security flaw that allowed an attacker to execute arbitrary code by crafting a malicious gitmodules file in a project cloned with --recurse-submodules ...

This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability ...

This module exploits CVE-2018-17456, which affects Git versions 2145, 2153, 2165, 2172, 2181, and 2191 and lower When a submodule url which starts with a dash eg "-u/payload" is passed as an argument to git clone, the file "payload" inside the repository is executed This module cre ...

This module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised (e.g git clone --recurse-submodules URL)

msf > use exploit/multi/http/git_submodule_url_exec
msf exploit(git_submodule_url_exec) > show targets
    ...targets...
msf exploit(git_submodule_url_exec) > set TARGET < target-id >
msf exploit(git_submodule_url_exec) > show options
    ...show and set options...
msf exploit(git_submodule_url_exec) > exploit

This module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised (e.g git clone --recurse-submodules URL)

msf > use exploit/multi/http/git_submodule_url_exec
msf exploit(git_submodule_url_exec) > show targets
    ...targets...
msf exploit(git_submodule_url_exec) > set TARGET < target-id >
msf exploit(git_submodule_url_exec) > show options
    ...show and set options...
msf exploit(git_submodule_url_exec) > exploit

CVE-2018-17456 test

1-day

CVE-2018-17456 1-day

CVE-2018-17456复现

test CVE-2018-17456复现

CVE-2018-17456

CVE-2018-17456 test

A Vulnerable dockerfile for containerizing a university business.

Vulnerable Dockerfile A vulnerable Dockerfile for containerizing a university business This Dockerfile consists of Docker XML files for ease of use, readily deployable on your own environment Hosting an FTP server, a vulnerable SSH service and an insecure website Vulnerabilities include: wwwcvedetailscom/cve/CVE-2018-1000300/ wwwcvedetailscom/cve/CVE-20

CVE-2018-17456 test

Laboratorio de Seguridad en Sistemas Informáticos

Penetration-Testing Laboratorio de Seguridad en Sistemas Informáticos Trabajo sobre la vulnerabilidad CVE-2018-17456

CVE-2017-1000117漏洞复现（PoC+Exp）

CVE-2017-1000117 项目简介网络安全课程设计选题之一 CVE-2017-1000117 漏洞的复现（PoC+Exp） Git + SSH 漏洞简介：漏洞名称： Git命令注入漏洞 CNNVD编号：CNNVD-201708-670 危害等级：中危 CVE编号：CVE-2017-1000117 漏洞类型：命令注入发布时间：2017-08-16 威胁类型：远程更新时间：2017-10-17 厂商：git-scm

CVE-2018-17456漏洞复现（PoC+Exp）

CVE-2018-17456 漏洞简介漏洞名称： Git输入验证错误漏洞 CNNVD编号：CNNVD-201810-234 危害等级：超危 CVE编号：CVE-2018-17456 漏洞类型：输入验证错误发布时间：2018-10-08 威胁类型：远程更新时间：2019-04-25 厂商：debian 漏洞来源：Atlassian,TerryZh 漏洞简介：Git是一套免费、开源的分布式版本控制�

stay

CVE-2018-17456

CWE-88 https://www.openwall.com/lists/oss-security/2018/10/06/3 https://marc.info/?l=git&m=153875888916397&w=2 https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46 https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 https://www.debian.org/security/2018/dsa-4311 https://www.exploit-db.com/exploits/45548/http://www.securitytracker.com/id/1041811 http://www.securityfocus.com/bid/105523 https://usn.ubuntu.com/3791-1/https://www.exploit-db.com/exploits/45631/https://access.redhat.com/errata/RHSA-2018:3408 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3541 https://seclists.org/bugtraq/2019/Mar/30 http://www.securityfocus.com/bid/107511 http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html https://access.redhat.com/errata/RHSA-2020:0316 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://usn.ubuntu.com/3791-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/45548/

CVE-2018-17456

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect