CVE-2013-0308 — Improper Input Validation in GIT

CWE-20 — Improper Input Validation8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 22.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-scm GIT

Timeline

PublishedMar 8

Latest updateMay 5

Description

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgit-scm/git1.8.1.3

🔴Vulnerability Details

GHSA

GHSA-p33f-8gh4-2vgm: The imap-send command in GIT before 1↗2022-05-05

▶

CVEList

CVE-2013-0308: The imap-send command in GIT before 1↗2013-03-08

▶

📋Vendor Advisories

Red Hat

git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command↗2013-02-20

▶

Debian

CVE-2013-0308: git - The imap-send command in GIT before 1.8.1.4 does not verify that the server host...↗2013

▶

💬Community

Bugzilla

CVE-2013-0308 git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command [fedora-all]↗2013-02-21

▶

Bugzilla

CVE-2013-0308 git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command [epel-5]↗2013-02-21

▶

Bugzilla

CVE-2013-0308 git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command↗2013-02-11

▶