CVE-2024-32020

CWE-281 CWE-629 documents7 sources

Severity

3.3LOW

EPSS

0.2%

top 62.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT GIT Git-scm GIT Fedoraproject Fedora

Timeline

PublishedMay 14

Latest updateSep 19

Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repositor…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:LExploitability: 0.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5git/git< 2.39.4+6

▶NVDgit-scm/git2.40.0 — 2.40.2+6

▶Debiangit< 1:2.39.5-0+deb12u1+2

Also affects: Fedora 40

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

git vulnerabilities↗2024-05-28

▶

OSV

CVE-2024-32020: Git is a revision control system↗2024-05-14

▶

CVEList

Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will↗2024-05-14

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2024-09-19

▶

Ubuntu

Git vulnerabilities↗2024-05-28

▶

Microsoft

Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will↗2024-05-14

▶

Red Hat

git: insecure hardlinks↗2024-05-14

▶

Debian

CVE-2024-32020: git - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42...↗2024

▶