CVE-2023-22490

CWE-59 CWE-40211 documents7 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 60.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT

Timeline

PublishedFeb 14

Latest updateMar 14

Description

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on know…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5git/git< 2.30.8+9

▶NVDgit-scm/git2.31.0 — 2.31.7+9

▶Alpinegit< 2.32.6-r0+9

▶Debiangit< 1:2.30.2-1+deb11u2+3

▶Ubuntugit< 1:2.17.1-1ubuntu0.17+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

git regression↗2023-03-02

▶

OSV

CVE-2023-22490: Git is a revision control system↗2023-02-14

▶

OSV

CVE-2023-22490: Git is a revision control system↗2023-02-14

▶

OSV

git vulnerabilities↗2023-02-14

▶

CVEList

Git vulnerable to local clone-based data exfiltration with non-local transports↗2023-02-14

▶

📋Vendor Advisories

Microsoft

GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability↗2023-03-14

▶

Ubuntu

Git regression↗2023-03-02

▶

Ubuntu

Git vulnerabilities↗2023-02-14

▶

Red Hat

git: data exfiltration with maliciously crafted repository↗2023-02-14

▶

Debian

CVE-2023-22490: git - Git is a revision control system. Using a specially-crafted repository, Git prio...↗2023

▶