Debian Bug report logs -
#1031310
git: CVE-2023-22490 CVE-2023-23946
Package:
src:git;
Maintainer for src:git is Jonathan Nieder <jrnieder@gmailcom>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 14 Feb 2023 20:00:01 UTC
Severity: grave
Tags: security, upstream
Found in versions git/1:2391-01, ...
Several vulnerabilities have been discovered in git, a fast, scalable,
distributed revision control system
CVE-2023-22490
yvvdwf found a data exfiltration vulnerability while performing local
clone from malicious repository even using a non-local transport
CVE-2023-23946
Joern Schneeweisz found a path traversal vulnerability in git-a ...
Git is a revision control system Using a specially-crafted repository, Git prior to versions 2392, 2384, 2376, 2365, 2357, 2347, 2337, 2326, 2317, and 2308 can be tricked into using its local clone optimization even when using a non-local transport Though Git will abort local clones whose source `$GIT_DIR/objects` directory co ...
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for git is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security ...
Synopsis
Important: git security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for git is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Synopsis
Critical: Red Hat Advanced Cluster Management 274 security fixes and container updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 274 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Synopsis
Moderate: Logging Subsystem 572 - Red Hat OpenShift security update
Type/Severity
Security Advisory: Moderate
Topic
Logging Subsystem 572 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis
Important: Migration Toolkit for Containers (MTC) 1710 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
The Migration Toolkit for Containers (MTC) 1710 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Synopsis
Critical: Red Hat Advanced Cluster Management 266 security fixes and container updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 266 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Synopsis
Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates
Type/Severity
Security Advisory: Critical
Topic
Red Hat Advanced Cluster Management for Kubernetes 259 GeneralAvailability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as h ...
Synopsis
Moderate: OpenShift Jenkins image and Jenkins agent base image security update
Type/Severity
Security Advisory: Moderate
Topic
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base imageRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring Sys ...
Synopsis
Important: OpenShift Container Platform 4132 bug fix and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Git is a revision control system Using a specially-crafted repository, Git prior to versions 2392, 2384, 2376, 2365, 2357, 2347, 2337, 2326, 2317, and 2308 can be tricked into using its local clone optimization even when using a non-local transport Though Git will abort local clones whose source `$GIT_DIR/objects` directory co ...
DescriptionThe MITRE CVE dictionary describes this issue as: Git, a revision control system, is vulnerable to path traversal prior to versions 2392, 2384, 2376, 2365, 2357, 2347, 2337, 2326, 2317, and 2308 By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `g ...
Vulmon