Oracle Linux: CVE-2017-8386: ELSA-2017-2004: git security and bug fix update (MODERATE) (Multiple Advisories)

Severity: 5
CVSS: (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Published: 2017-05-05
Added: 2017-08-08
Modified: 2024-11-27

Description

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options.

Solution(s)

oracle-linux-upgrade-emacs-git
oracle-linux-upgrade-emacs-git-el
oracle-linux-upgrade-git
oracle-linux-upgrade-git-all
oracle-linux-upgrade-git-bzr
oracle-linux-upgrade-git-cvs
oracle-linux-upgrade-git-daemon
oracle-linux-upgrade-git-email
oracle-linux-upgrade-git-gui
oracle-linux-upgrade-git-hg
oracle-linux-upgrade-gitk
oracle-linux-upgrade-git-p4
oracle-linux-upgrade-git-svn
oracle-linux-upgrade-gitweb
oracle-linux-upgrade-perl-git
oracle-linux-upgrade-perl-git-svn