Published: 12/01/2024 Updated: 22/01/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.

Vulnerable Product	Search on Vulmon	Subscribe to Product
go-git project go-git

Debian Bug report logs - #1060701 golang-github-go-git-go-git: CVE-2023-49568 CVE-2023-49569 Package: src:golang-github-go-git-go-git; Maintainer for src:golang-github-go-git-go-git is Debian Go Packaging Team <team+pkg-go@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 13 Jan 202 ...

Synopsis Critical: Red Hat Advanced Cluster Management 2711 security and bug fix container update Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 2711 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a ...

Synopsis Critical: OpenShift Container Platform 41411 bug fix and security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 414Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Critical: OpenShift Container Platform 41411 security and extras update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 414Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base sc ...

Synopsis Critical: Red Hat Advanced Cluster Management 292 security and bug fix container updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 292 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a ...

A path traversal vulnerability was discovered in go-git versions prior to v511 This vulnerability allows an attacker to create and amend files across the filesystem In the worse case scenario, remote code execution could be achieved Applications are only affected if they are using the ChrootOS pkggodev/githubcom/go-git/go-billy/v5/o ...

DescriptionThis CVE is under investigation by Red Hat Product Security ...

Common code for managing RH Ceph Storage bugs

rhcephbugs Common code for managing RH Ceph Storage bugs Some of these utilities can run in Jenkins, others are human decision amplifiers triage The triage tool has two commands, update and report The update subcommand will query all BZs for a release and prompt the user to describe the next action for each BZ Shortcuts for update descriptions: autobug - Ken to autobug c

CWE-22 https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701 https://nvd.nist.gov https://github.com/ktdreyer/rhcephbugs https://alas.aws.amazon.com/AL2/ALAS-2024-2458.html

CVE-2023-49569

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect