Main Vulnerability Database SB2022071347

SB2022071347 - Privilege escalation in Git

Published: July 13, 2022

Security Bulletin ID SB2022071347

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29187)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A remote user can bypass implemented security restrictions and privilege escalation on the system when navigating as root into a shared tmp directory owned by the victim, but where an attacker can create a git repository.

Remediation

Install update from vendor's website.

References

https://github.blog/2022-04-12-git-security-vulnerability-announced
https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/T/#u
https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v