Home

CVE-2017-1000117

Description

A malicious third-party can give a crafted ssh://... URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victims machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running git clone --recurse-submodules to trigger the vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
75.874

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2017-1000117 are affected in Git (x64) 2.14.0Windows
Vulnerability CVE-2017-1000117 are affected in Git 2.14.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.10.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.10.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.10.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.10.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.11.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.11.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.11.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.12.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.12.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.12.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.12.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.13.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.13.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.13.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.13.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.13.4Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git (X64) 2.14.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.7.5Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.3Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.4Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.8.5Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.9.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.9.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.9.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.9.3Windows
Vulnerabilities CVE-2017-1000117 are affected in Git (X64) 2.9.4Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.10.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.10.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.10.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.10.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.11.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.11.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.11.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.12.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.12.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.12.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.12.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.13.0Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.13.1Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.13.2Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.13.3Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.13.4Windows
Vulnerabilities CVE-2017-1000117,CVE-2017-14867 are affected in Git 2.14.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.7.5Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.3Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.4Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.8.5Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.9.0Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.9.1Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.9.2Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.9.3Windows
Vulnerabilities CVE-2017-1000117 are affected in Git 2.9.4Windows
fast, scalable, distributed revision control system (USN-3387-1) git_1.9.1-1ubuntu0.6_amd64.debLinux
fast, scalable, distributed revision control system (USN-3387-1) git_2.7.4-0ubuntu1.2_i386.debLinux
fast, scalable, distributed revision control system (USN-3387-1) git_2.7.4-0ubuntu1.2_amd64.debLinux
fast, scalable, distributed revision control system (USN-3387-1) git_2.11.0-2ubuntu0.2_i386.debLinux
fast, scalable, distributed revision control system (USN-3387-1) git_2.11.0-2ubuntu0.2_amd64.debLinux
git security update(DSA-3934-1) git_2.11.0-3_i386.debLinux
git security update(DSA-3934-1) git_2.1.4-2.1+deb8u4_i386.debLinux
Git security update (CESA-2017:2485) git-1.7.1-9.el6_9.i686.rpmLinux
Git security update (CESA-2017:2485) git-1.7.1-9.el6_9.x86_64.rpmLinux
Git security update (CESA-2017:2485) gitk-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) gitweb-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-all-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-cvs-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-gui-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-svn-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) perl-Git-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) emacs-git-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-email-1.7.1-9.el6_9.noarch.rpmLinux
Git security update (CESA-2017:2485) git-daemon-1.7.1-9.el6_9.i686.rpmLinux
Git security update (CESA-2017:2485) git-daemon-1.7.1-9.el6_9.x86_64.rpmLinux
Git security update (CESA-2017:2485) emacs-git-el-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update emacs-git-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update emacs-git-el-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-1.8.3.1-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2484) Important: git security update git-all-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-bzr-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-cvs-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-daemon-1.8.3.1-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2484) Important: git security update git-email-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-gui-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-hg-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-p4-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update git-svn-1.8.3.1-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2484) Important: git security update gitk-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update gitweb-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update perl-Git-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2484) Important: git security update perl-Git-SVN-1.8.3.1-12.el7_4.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update emacs-git-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update emacs-git-el-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update git-1.7.1-9.el6_9.i686.rpmLinux
(RHSA-2017:2485) Important: git security update git-1.7.1-9.el6_9.x86_64.rpmLinux
(RHSA-2017:2485) Important: git security update git-all-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update git-cvs-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update git-daemon-1.7.1-9.el6_9.i686.rpmLinux
(RHSA-2017:2485) Important: git security update git-daemon-1.7.1-9.el6_9.x86_64.rpmLinux
(RHSA-2017:2485) Important: git security update git-email-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update git-gui-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update git-svn-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update gitk-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update gitweb-1.7.1-9.el6_9.noarch.rpmLinux
(RHSA-2017:2485) Important: git security update perl-Git-1.7.1-9.el6_9.noarch.rpmLinux
URL Redirection to Untrusted Site (Open Redirect) Vulnerability (CVE-2017-1000117)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-342450Git (x64) (2.47.0.2)
PATCH-342449Git (2.47.0.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-352878Git (x64) (2.51.2)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)
PATCH-350752Git (2.50.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234