vulnerability
FreeBSD: VID-9548d6ed-b1da-11ed-b0f4-002590f2a714 (CVE-2023-22490): git -- Local clone-based data exfiltration with non-local transports
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:C/I:N/A:N) | Feb 21, 2023 | Feb 22, 2023 | Dec 10, 2025 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published
Feb 21, 2023
Added
Feb 22, 2023
Modified
Dec 10, 2025
Description
git team reports: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.
Solution
freebsd-upgrade-package-git
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.