CVE-2019-1353 — Improperly Implemented Security Check for Standard in GIT
Severity
9.8CRITICALNVD
EPSS
0.2%
top 59.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 24
Latest updateApr 29
Description
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5microsoft_corporation/gitBefore 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6
🔴Vulnerability Details
2📋Vendor Advisories
6💬Community
5Bugzilla▶
CVE-2020-12279 libgit2: NTFS protections inactive when running Git in the Windows Subsystem for Linux↗2020-04-29
Bugzilla▶
CVE-2019-1353 git: NTFS protections inactive when running Git in the Windows Subsystem for Linux↗2019-12-11
Bugzilla▶
CVE-2019-1353 git: NTFS protections inactive when running Git in the Windows Subsystem for Linux [fedora-all]↗2019-12-11
Bugzilla▶
CVE-2019-1003041 jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)↗2019-04-01
Bugzilla▶
CVE-2019-1003040 jenkins-plugin-script-security: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)↗2019-04-01