CVE-2017-8386
Description
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
72.73
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| fast, scalable, distributed revision control system (USN-3287-1) git_2.7.4-0ubuntu1.1_i386.deb | Linux |
| fast, scalable, distributed revision control system (USN-3287-1) git_2.7.4-0ubuntu1.1_amd64.deb | Linux |
| fast, scalable, distributed revision control system (USN-3287-1) git_2.9.3-1ubuntu0.1_i386.deb | Linux |
| fast, scalable, distributed revision control system (USN-3287-1) git_2.9.3-1ubuntu0.1_amd64.deb | Linux |
| fast, scalable, distributed revision control system (USN-3287-1) git_2.11.0-2ubuntu0.1_i386.deb | Linux |
| fast, scalable, distributed revision control system (USN-3287-1) git_2.11.0-2ubuntu0.1_amd64.deb | Linux |
| Git 2.7.4-0ubuntu1.1 for Ubuntu 16.04 LTS (x64) git_2.7.4-0ubuntu1.1_amd64.deb | Linux |
| Git 2.7.4-0ubuntu1.1 for Ubuntu 16.04 LTS git_2.7.4-0ubuntu1.1_i386.deb | Linux |
| Git 2.9.3-1ubuntu0.1 for Ubuntu 16.10 (x64) git_2.9.3-1ubuntu0.1_amd64.deb | Linux |
| Git 2.9.3-1ubuntu0.1 for Ubuntu 16.10 git_2.9.3-1ubuntu0.1_i386.deb | Linux |
| Git 2.11.0-2ubuntu0.1 for Ubuntu 17.04 (x64) git_2.11.0-2ubuntu0.1_amd64.deb | Linux |
| Git 2.11.0-2ubuntu0.1 for Ubuntu 17.04 git_2.11.0-2ubuntu0.1_i386.deb | Linux |
| git security update(DSA-3848-1) git_2.1.4-2.1+deb8u3_i386.deb | Linux |
| git security update(DSA-3848-1) git_2.1.4-2.1+deb8u3_kfreebsd-i386.deb | Linux |
| git security update(DSA-3848-1) git_2.1.4-2.1+deb8u3_kfreebsd-amd64.deb | Linux |
| SUSE-SU-2017:1357-1(SUSE Linux Enterprise Server 12-SP1 ) git-core-2.12.3-26.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1357-1(SUSE Linux Enterprise Server 12-SP1 ) git-core-debuginfo-2.12.3-26.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1357-1(SUSE Linux Enterprise Server 12-SP1 ) git-debugsource-2.12.3-26.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1357-1(SUSE Linux Enterprise Server 12-SP1 ) git-doc-2.12.3-26.1.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234