vulnerability
FreeBSD: VID-ced2d47e-8469-11ea-a283-b42e99a1b9c3 (CVE-2020-5260): malicious URLs may present credentials to wrong server
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 22, 2020 | Jun 5, 2020 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 22, 2020
Added
Jun 5, 2020
Modified
Dec 10, 2025
Description
git security advisory reports: Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server for an HTTP request being made to another server, resulting in credentials for the former being sent to the latter.
Solutions
freebsd-upgrade-package-gitfreebsd-upgrade-package-git-litefreebsd-upgrade-package-git-gui
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.