CVE-2017-8386 — GIT vulnerability

8 documents7 sources

Severity

8.8HIGHNVD

EPSS

72.7%

top 1.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT Debian GIT Canonical Ubuntu Linux +3 more

Timeline

PublishedJun 1

Latest updateMay 13

Description

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/git< git 1:2.11.0-3 (bookworm)

▶Debiangit/git< 1:2.11.0-3+3

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Fedora 24, 25, 26, Ubuntu Linux 14.04, 16.04, 16.10, 17.04

🔴Vulnerability Details

GHSA

GHSA-xqh5-ghjx-6xv5: git-shell in git before 2↗2022-05-13

▶

OSV

CVE-2017-8386: git-shell in git before 2↗2017-06-01

▶

📋Vendor Advisories

Ubuntu

Git vulnerability↗2017-05-15

▶

Red Hat

git: Escape out of git-shell↗2017-05-05

▶

Debian

CVE-2017-8386: git - git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x be...↗2017

▶

💬Community

Bugzilla

CVE-2017-8386 git: Escape out of git-shell↗2017-05-12

▶

Bugzilla

CVE-2017-8386 git: Escape out of git-shell [fedora-all]↗2017-05-12

▶