ID CVE-2020-11008
Summary Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:git:git:0.01:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.01:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.02:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.02:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.03:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.03:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.04:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.04:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4:-:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4:-:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4:rc0:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4:rc0:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.8.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.8.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.13.7:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.13.7:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.14.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.6:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.20.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.25.3:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.25.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:git:git:2.26.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 22-05-2020 - 19:15)
Impact:
Exploitability:
CWE CWE-522
CAPEC
  • Use of Captured Tickets (Pass The Ticket)
    An adversary uses stolen Kerberos tickets to access systems that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
  • Remote Services with Stolen Credentials
    This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
  • Use of Captured Hashes (Pass The Hash)
    An adversary uses stolen hash values for a user's credentials (username and password) to access systems managed under the same credential framwork that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols. When authenticating via LM or NTLM, the hashed credentials' associated plaintext credentials are not requried for successful authentication. Therefore, if an adversary can obtain the hashed credentials of a user, he can then pass these hash values to the server or service to authenticate without needing to brute-force the hashes to obtain their cleartext values. The adversary can then impersonate the user and laterally move within the network. This technique can be performed against any operating system which leverages the LM or NTLM protocols.
  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
  • Modify Existing Service
    When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
  • Windows Admin Shares with Stolen Credentials
    Windows systems have hidden network shares that are only accessible to administrators and allow files to be written to the local computer. Example network shares include: C$, ADMIN$ and IPC$. Adversaries may use valid administrator credentials to remotely access a network share to transfer files and execute code. It is possible for adversaries to use NTLM hashes to access administrator shares on systems with certain configuration and patch levels.
  • Password Recovery Exploitation
    An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.
  • Use of Known Domain Credentials
    An adversary uses stolen credentials (e.g., userid and password) to access systems managed under the same credential framework on a local network. Often, users are allowed to login to connected machines using the same password. Discovery of the password on one machine allows for lateral movement to those machines.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1826001
    title CVE-2020-11008 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment git is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980001
          • comment git is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003006
        • AND
          • comment git-all is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980003
          • comment git-all is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003008
        • AND
          • comment git-core is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980005
          • comment git-core is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20194356006
        • AND
          • comment git-core-doc is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980007
          • comment git-core-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20194356008
        • AND
          • comment git-daemon is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980009
          • comment git-daemon is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003012
        • AND
          • comment git-debugsource is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980011
          • comment git-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20194356012
        • AND
          • comment git-email is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980013
          • comment git-email is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003014
        • AND
          • comment git-gui is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980015
          • comment git-gui is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003016
        • AND
          • comment git-instaweb is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980017
          • comment git-instaweb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183408024
        • AND
          • comment git-subtree is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980019
          • comment git-subtree is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20194356020
        • AND
          • comment git-svn is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980021
          • comment git-svn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003018
        • AND
          • comment gitk is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980023
          • comment gitk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003020
        • AND
          • comment gitweb is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980025
          • comment gitweb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003022
        • AND
          • comment perl-Git is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980027
          • comment perl-Git is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003024
        • AND
          • comment perl-Git-SVN is earlier than 0:2.18.4-2.el8_2
            oval oval:com.redhat.rhsa:tst:20201980029
          • comment perl-Git-SVN is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152561032
    rhsa
    id RHSA-2020:1980
    released 2020-04-30
    severity Important
    title RHSA-2020:1980: git security update (Important)
  • bugzilla
    id 1826001
    title CVE-2020-11008 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment emacs-git is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337001
          • comment emacs-git is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003002
        • AND
          • comment emacs-git-el is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337003
          • comment emacs-git-el is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003004
        • AND
          • comment git is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337005
          • comment git is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003006
        • AND
          • comment git-all is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337007
          • comment git-all is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003008
        • AND
          • comment git-bzr is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337009
          • comment git-bzr is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152561010
        • AND
          • comment git-cvs is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337011
          • comment git-cvs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003010
        • AND
          • comment git-daemon is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337013
          • comment git-daemon is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003012
        • AND
          • comment git-email is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337015
          • comment git-email is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003014
        • AND
          • comment git-gnome-keyring is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337017
          • comment git-gnome-keyring is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183408018
        • AND
          • comment git-gui is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337019
          • comment git-gui is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003016
        • AND
          • comment git-hg is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337021
          • comment git-hg is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152561020
        • AND
          • comment git-instaweb is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337023
          • comment git-instaweb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183408024
        • AND
          • comment git-p4 is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337025
          • comment git-p4 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152561022
        • AND
          • comment git-svn is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337027
          • comment git-svn is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003018
        • AND
          • comment gitk is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337029
          • comment gitk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003020
        • AND
          • comment gitweb is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337031
          • comment gitweb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003022
        • AND
          • comment perl-Git is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337033
          • comment perl-Git is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20101003024
        • AND
          • comment perl-Git-SVN is earlier than 0:1.8.3.1-23.el7_8
            oval oval:com.redhat.rhsa:tst:20202337035
          • comment perl-Git-SVN is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20152561032
    rhsa
    id RHSA-2020:2337
    released 2020-05-28
    severity Important
    title RHSA-2020:2337: git security update (Important)
rpms
  • rh-git218-git-0:2.18.4-1.el7
  • rh-git218-git-all-0:2.18.4-1.el7
  • rh-git218-git-core-0:2.18.4-1.el7
  • rh-git218-git-core-doc-0:2.18.4-1.el7
  • rh-git218-git-cvs-0:2.18.4-1.el7
  • rh-git218-git-daemon-0:2.18.4-1.el7
  • rh-git218-git-debuginfo-0:2.18.4-1.el7
  • rh-git218-git-email-0:2.18.4-1.el7
  • rh-git218-git-gui-0:2.18.4-1.el7
  • rh-git218-git-instaweb-0:2.18.4-1.el7
  • rh-git218-git-p4-0:2.18.4-1.el7
  • rh-git218-git-subtree-0:2.18.4-1.el7
  • rh-git218-git-svn-0:2.18.4-1.el7
  • rh-git218-gitk-0:2.18.4-1.el7
  • rh-git218-gitweb-0:2.18.4-1.el7
  • rh-git218-perl-Git-0:2.18.4-1.el7
  • rh-git218-perl-Git-SVN-0:2.18.4-1.el7
  • git-0:2.18.4-1.el8_0
  • git-all-0:2.18.4-1.el8_0
  • git-core-0:2.18.4-1.el8_0
  • git-core-debuginfo-0:2.18.4-1.el8_0
  • git-core-doc-0:2.18.4-1.el8_0
  • git-daemon-0:2.18.4-1.el8_0
  • git-daemon-debuginfo-0:2.18.4-1.el8_0
  • git-debuginfo-0:2.18.4-1.el8_0
  • git-debugsource-0:2.18.4-1.el8_0
  • git-email-0:2.18.4-1.el8_0
  • git-gui-0:2.18.4-1.el8_0
  • git-instaweb-0:2.18.4-1.el8_0
  • git-subtree-0:2.18.4-1.el8_0
  • git-svn-0:2.18.4-1.el8_0
  • git-svn-debuginfo-0:2.18.4-1.el8_0
  • gitk-0:2.18.4-1.el8_0
  • gitweb-0:2.18.4-1.el8_0
  • perl-Git-0:2.18.4-1.el8_0
  • perl-Git-SVN-0:2.18.4-1.el8_0
  • git-0:2.18.4-1.el8_1
  • git-all-0:2.18.4-1.el8_1
  • git-core-0:2.18.4-1.el8_1
  • git-core-debuginfo-0:2.18.4-1.el8_1
  • git-core-doc-0:2.18.4-1.el8_1
  • git-daemon-0:2.18.4-1.el8_1
  • git-daemon-debuginfo-0:2.18.4-1.el8_1
  • git-debuginfo-0:2.18.4-1.el8_1
  • git-debugsource-0:2.18.4-1.el8_1
  • git-email-0:2.18.4-1.el8_1
  • git-gui-0:2.18.4-1.el8_1
  • git-instaweb-0:2.18.4-1.el8_1
  • git-subtree-0:2.18.4-1.el8_1
  • git-svn-0:2.18.4-1.el8_1
  • git-svn-debuginfo-0:2.18.4-1.el8_1
  • gitk-0:2.18.4-1.el8_1
  • gitweb-0:2.18.4-1.el8_1
  • perl-Git-0:2.18.4-1.el8_1
  • perl-Git-SVN-0:2.18.4-1.el8_1
  • git-0:2.18.4-2.el8_2
  • git-all-0:2.18.4-2.el8_2
  • git-core-0:2.18.4-2.el8_2
  • git-core-debuginfo-0:2.18.4-2.el8_2
  • git-core-doc-0:2.18.4-2.el8_2
  • git-daemon-0:2.18.4-2.el8_2
  • git-daemon-debuginfo-0:2.18.4-2.el8_2
  • git-debuginfo-0:2.18.4-2.el8_2
  • git-debugsource-0:2.18.4-2.el8_2
  • git-email-0:2.18.4-2.el8_2
  • git-gui-0:2.18.4-2.el8_2
  • git-instaweb-0:2.18.4-2.el8_2
  • git-subtree-0:2.18.4-2.el8_2
  • git-svn-0:2.18.4-2.el8_2
  • git-svn-debuginfo-0:2.18.4-2.el8_2
  • gitk-0:2.18.4-2.el8_2
  • gitweb-0:2.18.4-2.el8_2
  • perl-Git-0:2.18.4-2.el8_2
  • perl-Git-SVN-0:2.18.4-2.el8_2
  • emacs-git-0:1.8.3.1-23.el7_8
  • emacs-git-el-0:1.8.3.1-23.el7_8
  • git-0:1.8.3.1-23.el7_8
  • git-all-0:1.8.3.1-23.el7_8
  • git-bzr-0:1.8.3.1-23.el7_8
  • git-cvs-0:1.8.3.1-23.el7_8
  • git-daemon-0:1.8.3.1-23.el7_8
  • git-debuginfo-0:1.8.3.1-23.el7_8
  • git-email-0:1.8.3.1-23.el7_8
  • git-gnome-keyring-0:1.8.3.1-23.el7_8
  • git-gui-0:1.8.3.1-23.el7_8
  • git-hg-0:1.8.3.1-23.el7_8
  • git-instaweb-0:1.8.3.1-23.el7_8
  • git-p4-0:1.8.3.1-23.el7_8
  • git-svn-0:1.8.3.1-23.el7_8
  • gitk-0:1.8.3.1-23.el7_8
  • gitweb-0:1.8.3.1-23.el7_8
  • perl-Git-0:1.8.3.1-23.el7_8
  • perl-Git-SVN-0:1.8.3.1-23.el7_8
  • emacs-git-0:1.8.3.1-23.el7_7
  • emacs-git-el-0:1.8.3.1-23.el7_7
  • git-0:1.8.3.1-23.el7_7
  • git-all-0:1.8.3.1-23.el7_7
  • git-bzr-0:1.8.3.1-23.el7_7
  • git-cvs-0:1.8.3.1-23.el7_7
  • git-daemon-0:1.8.3.1-23.el7_7
  • git-debuginfo-0:1.8.3.1-23.el7_7
  • git-email-0:1.8.3.1-23.el7_7
  • git-gnome-keyring-0:1.8.3.1-23.el7_7
  • git-gui-0:1.8.3.1-23.el7_7
  • git-hg-0:1.8.3.1-23.el7_7
  • git-instaweb-0:1.8.3.1-23.el7_7
  • git-p4-0:1.8.3.1-23.el7_7
  • git-svn-0:1.8.3.1-23.el7_7
  • gitk-0:1.8.3.1-23.el7_7
  • gitweb-0:1.8.3.1-23.el7_7
  • perl-Git-0:1.8.3.1-23.el7_7
  • perl-Git-SVN-0:1.8.3.1-23.el7_7
refmap via4
confirm
fedora
  • FEDORA-2020-4e093619bb
  • FEDORA-2020-b2a2c830cf
  • FEDORA-2020-f6b3b6fb18
fulldisc 20200522 APPLE-SA-2020-05-20-1 Xcode 11.5
gentoo GLSA-202004-13
misc
mlist [debian-lts-announce] 20200424 [SECURITY] [DLA 2182-1] git security update
suse openSUSE-SU-2020:0598
ubuntu USN-4334-1
Last major update 22-05-2020 - 19:15
Published 21-04-2020 - 19:15
Last modified 22-05-2020 - 19:15
Back to Top