CVE-2022-39253

CWE-200 — Information Exposure CWE-59 CWE-40213 documents8 sources

Severity

5.5MEDIUM

EPSS

2.8%

top 13.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Apple Xcode Git-scm GIT +2 more

Timeline

PublishedOct 19

Latest updateMar 28

Description

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5git/git< 2.39.4+14

▶NVDapple/xcode< 14.1

▶NVDgit-scm/git2.31.0 — 2.31.5+8

▶Debiangit< 1:2.30.2-1+deb11u1+3

▶Ubuntugit< 1:2.17.1-1ubuntu0.13+3

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

🔴Vulnerability Details

OSV

git vulnerability↗2023-03-28

▶

CVEList

Git subject to exposure of sensitive information via local clone of symbolic links↗2022-10-19

▶

OSV

CVE-2022-39253: Git is an open source, scalable, distributed revision control system↗2022-10-19

▶

OSV

git vulnerabilities↗2022-10-18

▶

📋Vendor Advisories

Ubuntu

Git vulnerability↗2023-03-28

▶

Red Hat

git: data exfiltration with maliciously crafted repository↗2023-02-14

▶

Ubuntu

Git vulnerabilities↗2022-11-21

▶

Microsoft

GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default↗2022-11-08

▶

Apple

CVE-2022-39253: Xcode 14.1↗2022-11-01

▶