CVE-2022-29187

CWE-282 CWE-427 CWE-2838 documents7 sources

Severity

7.8HIGH

EPSS

0.1%

top 78.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode Git-scm GIT GIT GIT +2 more

Timeline

PublishedJul 12

Latest updateNov 1

Description

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contai…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDapple/xcode< 14.1

▶NVDgit-scm/git2.30.3 — 2.30.5+7

▶Debiangit< 1:2.30.2-1+deb11u1+3

▶Ubuntugit< 1:2.17.1-1ubuntu0.12+2

▶CVEListV5git/git8 versions+7

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

🔴Vulnerability Details

OSV

git vulnerabilities↗2022-07-13

▶

OSV

CVE-2022-29187: Git is a distributed revision control system↗2022-07-12

▶

CVEList

Bypass of safe.directory protections in Git↗2022-07-12

▶

📋Vendor Advisories

Apple

CVE-2022-29187: Xcode 14.1↗2022-11-01

▶

Ubuntu

Git vulnerabilities↗2022-07-13

▶

Red Hat

git: Bypass of safe.directory protections↗2022-07-12

▶

Debian

CVE-2022-29187: git - Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36...↗2022

▶