CVE-2022-24439
Published: 2022-12-06
Priority: P2 · 64 · Critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.38% (91.7th percentile)
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | python-git | < python-git 3.1.30-1+deb12u2 (bookworm) | python-git 3.1.30-1+deb12u2 (bookworm) |
| debian | python-git | < python-git 3.1.30-1 (bookworm) | python-git 3.1.30-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gitpython_project | gitpython | < 3.1.30 | 3.1.30 |
| gitpython_project | gitpython | < 3.1.32 | 3.1.32 |
| gitpython_project | gitpython | >= 0 < 3.1.30 | 3.1.30 |
| gitpython_project | gitpython | >= 0 < 3.1.32 | 3.1.32 |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by injecting a maliciously crafted remote URL into the `clone` or `clone_from` command of GitPython; monitor for unusual arguments passed to git clone invocations spawned by Python processes.
- Detect SSRF probing of internal ports (especially 5000) via HTTP requests with User-Agent 'python-requests' originating from the web application server.
- GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from; patch to >= 3.1.32 (CVE-2023-40267 is an incomplete-fix follow-up) and >= 3.1.36 for full remediation.
- Monitor for Python scripts running as root that invoke git.Repo.clone_from with externally-controlled URL arguments, as this is the direct exploitation path for privilege escalation.
- In Red Hat OpenStack Platform, the affected clone_from() function is not in use, reducing exploitability to medium/low in those environments.
- CVE-2023-40267 represents an incomplete fix for CVE-2022-24439; patching to GitPython 3.1.30 is insufficient — full remediation requires >= 3.1.36.
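The bug class described above is that the library handed a caller-supplied remote URL to the `git clone` command line without sanitization, so a value git parses as an option is accepted in place of a remote. The following is an added example (not GitPython's code and not from any of the advisories quoted here) showing two defender-side controls: an input validator that rejects option-like or unexpected remote URLs before they reach `git.Repo.clone_from`, and a detection pass over process-execution log lines that flags `git clone` invocations spawned by a Python parent carrying options outside an expected set. The log line format, the `EXPECTED_CLONE_OPTIONS` allowlist, the `ALLOWED_SCHEMES` set and the injected `clone_fn` callable are all assumptions made for this example; the sample log lines are constructed.

```python
"""Defensive checks around GitPython clone inputs (added example, not GitPython code).

  1. is_safe_remote_url / safe_clone: validate a remote URL before it reaches
     git.Repo.clone_from, rejecting anything git would read as an option.
  2. find_suspicious_clones: scan process-execution log lines for `git clone`
     runs with a Python parent that carry unexpected options.
The log line format and the option allowlist are constructed for this example.
"""
import re
import shlex
from typing import Callable, List
from urllib.parse import urlsplit

# Schemes a service cloning user-supplied repositories would accept (assumption).
ALLOWED_SCHEMES = {"https", "ssh", "git"}


def is_safe_remote_url(url: str) -> bool:
    """True only for a plain, explicit-scheme remote URL.

    A leading '-' is rejected because git would parse such a value as an
    option rather than a remote; whitespace and control characters are
    rejected because they have no place in a remote URL; the scheme must be
    on the allowlist and a host part must be present. This closes the input
    path regardless of which GitPython version is installed.
    """
    if not isinstance(url, str) or not url:
        return False
    if url.lstrip().startswith("-"):          # option-like: never a remote
        return False
    if re.search(r"[\s\x00-\x1f]", url):      # whitespace / control chars
        return False
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def safe_clone(url: str, dest: str, clone_fn: Callable[[str, str], object]) -> object:
    """Validate, then delegate. In production clone_fn would be
    git.Repo.clone_from; it is injected here so the example runs without GitPython."""
    if not is_safe_remote_url(url):
        raise ValueError(f"refusing to clone from rejected remote: {url!r}")
    return clone_fn(url, dest)


# Options a Python-driven clone is expected to carry (constructed allowlist; tune per fleet).
EXPECTED_CLONE_OPTIONS = {"--depth", "--branch", "-b", "--single-branch", "--recurse-submodules"}
# Constructed log line layout: parent=<parent exe> exe=<child exe> args=<argv after exe>
LOG_LINE = re.compile(r"parent=(?P<parent>\S+) exe=(?P<exe>\S+) args=(?P<args>.*)$")


def find_suspicious_clones(lines: List[str]) -> List[str]:
    """Return log lines where a Python parent ran `git clone` with an option
    outside EXPECTED_CLONE_OPTIONS, or with no non-option argument at all."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        if "python" not in m.group("parent") or not m.group("exe").endswith("/git"):
            continue
        argv = shlex.split(m.group("args"))
        if not argv or argv[0] != "clone":
            continue
        options = [a for a in argv[1:] if a.startswith("-")]
        positionals = [a for a in argv[1:] if not a.startswith("-")]
        unexpected = [o for o in options if o.split("=", 1)[0] not in EXPECTED_CLONE_OPTIONS]
        if unexpected or not positionals:
            hits.append(line)
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "parent=/usr/bin/python3 exe=/usr/bin/git args=clone --depth=1 https://github.com/example/repo.git /tmp/a",
    "parent=/usr/bin/python3 exe=/usr/bin/git args=clone --unexpected-option=/tmp/x /tmp/b",
    "parent=/bin/bash exe=/usr/bin/git args=clone --unexpected-option=/tmp/x /tmp/c",
]

if __name__ == "__main__":
    print(is_safe_remote_url("https://github.com/example/repo.git"))   # True
    print(is_safe_remote_url("--unexpected-option=/tmp/x"))            # False
    for hit in find_suspicious_clones(SAMPLE_LOG):
        print("suspicious:", hit)
```

The validator deliberately accepts only explicit-scheme URLs, so scp-style `user@host:path` remotes are refused; a service that needs them should add an explicit parser for that form rather than loosen the leading-dash check. The detection pass treats any clone from a Python parent with no positional argument as suspicious, since a legitimate clone always has a remote.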
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ghsa | — | 9.8 | CRITICAL | — |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_redhat | — | 8.1 | HIGH | — |
Red Hat
GitPython: Insecure non-multi options in clone and clone_from is not blocked
vendor_redhat · 2023-08-11 · CVSS 8.1 · CVE-2023-40267 [HIGH] · CWE-20
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.
Statement: In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used.
Red Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.
Package: gitpython (Red Hat Ansible
Ubuntu
GitPython vulnerability
vendor_ubuntu · 2023-03-22 · CVE-2022-24439
Title: GitPython vulnerability
Summary: GitPython could be made to execute arbitrary commands on the host.
It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-40267: python-git - GitPython before 3.1.32 does not block insecure non-multi options in clone and c...
vendor_debian · 2023 · CVSS 8.1 · CVE-2023-40267 [HIGH]
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Scope: local
- bookworm: resolved (fixed in 3.1.30-1+deb12u2)
- bullseye: resolved (fixed in 3.1.14-1+deb11u1)
- forky: resolved (fixed in 3.1.36-1)
- sid: resolved (fixed in 3.1.36-1)
- trixie: resolved (fixed in 3.1.36-1)
Red Hat
GitPython: improper user input validation leads into a RCE
vendor_redhat · 2022-12-05 · CVSS 8.1 · CVE-2022-24439 [HIGH] · CWE-94
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise.
Statement: Across all supported releases of Red Hat OpenStack Platform the usage of a compromised GitPython
Debian
CVE-2022-24439: python-git - All versions of package gitpython are vulnerable to Remote Code Execution (RCE) ...
vendor_debian · 2022 · CVSS 8.1 · CVE-2022-24439 [HIGH]
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Scope: local
- bookworm: resolved (fixed in 3.1.30-1)
- bullseye: resolved (fixed in 3.1.14-1+deb11u1)
- forky: resolved (fixed in 3.1.30-1)
- sid: resolved (fixed in 3.1.30-1)
- trixie: resolved (fixed in 3.1.30-1)
OSV
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
osv · 2023-08-11 · CVSS 9.8 · CVE-2023-40267 [CRITICAL]
GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GHSA
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
ghsa · 2023-08-11 · CVSS 9.8 · CVE-2023-40267 [CRITICAL] · CWE-78
GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
OSV
CVE-2023-40267: GitPython before 3
osv · 2023-08-11 · CVSS 9.8 · CVE-2023-40267 [CRITICAL]
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
OSV
GitPython vulnerable to Remote Code Execution due to improper user input validation
osv · 2022-12-06 · CVE-2022-24439 [CRITICAL]
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
GHSA
GitPython vulnerable to Remote Code Execution due to improper user input validation
ghsa · 2022-12-06 · CVE-2022-24439 [CRITICAL] · CWE-20
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
OSV
CVE-2022-24439: All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inje
osv · 2022-12-06 · CVSS 9.8 · CVE-2022-24439 [CRITICAL]
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-40267 GitPython: Insecure non-multi options in clone and clone_from is not blocked
bugzilla · 2023-08-11 · CVSS 9.8 · CVE-2023-40267 [CRITICAL]
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
References:
- https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd
- https://github.com/gitpython-developers/GitPython/pull/1609
Discussion:
Created GitPython tracking bugs for this issue:
- Affects: epel-all [bug 2231476]
- Affects: fedora-all [bug 2231475]
- Affects: openstack-rdo [bug 2231477]
---
This issue has been addressed in the following products:
- Red Hat Ansible Automation Platform 2.4 for RHEL 9
- Red Hat Ansible Automation Platform 2.4 for RHEL 8
Via RHSA-2023:4971 https://access.redh
Bugzilla
CVE-2022-24439 GitPython: improper user input validation leads into a RCE
bugzilla · 2022-12-07 · CVSS 9.8 · CVE-2022-24439 [CRITICAL]
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Discussion:
Created GitPython tracking bugs for this issue:
- Affects: epel-all [bug 2155962]
- Affects: fedora-all [bug 2155963]
- Affects: openstack-rdo [bug 2155964]
---
https://github.com/gitpython-developers/GitPython/pull/1518/commits
---
https://github.com/gitpython-developers/GitPython/pull/1521
---
This issue has been addressed in the following products:
Red
CTF
easy / README
ctf_writeups · CVSS 6.0 · [MEDIUM]
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Quick Navigation
- [Classic / Legacy Machines (2017-2019)](#classic--legacy-machines-2017-2019)
- [2019-2020 Machines](#2019-2020-machines)
- [2021 Machines](#2021-machines)
- [2022 Machines](#2022-machines)
- [2023 Machines](#2023-machines)
- [2024 Machines (Season 4 & 5)](#2024-machines-season-4--5)
- [2025-2026 Machines (Season 6+)](#2025-2026-machines-season-6)
---
## Classic / Legac
CTF
Editorial / README
ctf_writeups · CVSS 8.1 · [HIGH]
# Editorial - HackTheBox - Writeup
Linux, 20 Base Points, Easy
## Machine
## TL;DR
To solve this machine, we start by using `nmap` to enumerate open services and find ports `22` and `80`.
***User***: Discovered an SSRF vulnerability in the upload book cover API. Found the `dev` user credentials via the [http://localhost:5000/api/latest/metadata/messages/authors](http://localhost:5000/api/latest/metadata/messages/authors) API. Used `git log` to identify a file containing the credentials for the `prod` user.
***Root***: Discovered that we can run a Python script as `root`. The Python script uses `git.Repo.clone_from`, which is vulnerable to command injection (CVE-2022-24439). Exploiting this, we obtained the root flag.
## Editorial Solution
### User
Let's begin by using `nmap` t
References
- https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py#L1249
- https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html
- https://lists.debian.org/debian-lts-announce/2024/10/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJHN3QUXPJIMM6SULIR3PR34UFWRAE7X/
- https://security.gentoo.org/glsa/202311-01
- https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
Published: 2022-12-06