Main Vulnerability Database Vulnerabilities #VU81948

#VU81948 Link following in JGit - CVE-2023-4759

Published: October 12, 2023

Vulnerability identifier: #VU81948

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-4759

CWE-ID: CWE-59

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
JGit

Software vendor:
Eclipse

Description

The vulnerability allows a remote attacker to overwrite files on the system.

The vulnerability exists due to an insecure link following. A remote attacker can place a specially crafted symbolic link into the repository, trick the victim into cloning it and overwrite arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1
https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11

#VU81948 Link following in JGit - CVE-2023-4759

Description

Remediation

External links

Please verify you're human