vulnerability
Red Hat: CVE-2024-32020: git: insecure hardlinks (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:H/Au:S/C:N/I:P/A:P) | May 14, 2024 | Jun 26, 2024 | Jun 12, 2026 |
Severity
2
CVSS
(AV:L/AC:H/Au:S/C:N/I:P/A:P)
Published
May 14, 2024
Added
Jun 26, 2024
Modified
Jun 12, 2026
Description
A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.
Solutions
redhat-upgrade-gitredhat-upgrade-git-allredhat-upgrade-git-coreredhat-upgrade-git-core-debuginforedhat-upgrade-git-core-docredhat-upgrade-git-credential-libsecretredhat-upgrade-git-credential-libsecret-debuginforedhat-upgrade-git-daemonredhat-upgrade-git-daemon-debuginforedhat-upgrade-git-debuginforedhat-upgrade-git-debugsourceredhat-upgrade-git-emailredhat-upgrade-git-guiredhat-upgrade-git-instawebredhat-upgrade-git-subtreeredhat-upgrade-git-svnredhat-upgrade-gitkredhat-upgrade-gitwebredhat-upgrade-perl-gitredhat-upgrade-perl-git-svn
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.