ID CVE-2019-1348
Summary An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.
References
Vulnerable Configurations
  • cpe:2.3:a:git:git:2.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:git:git:2.24.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2020:0228
rpms
  • git-0:2.18.2-1.el8_1
  • git-all-0:2.18.2-1.el8_1
  • git-core-0:2.18.2-1.el8_1
  • git-core-debuginfo-0:2.18.2-1.el8_1
  • git-core-doc-0:2.18.2-1.el8_1
  • git-daemon-0:2.18.2-1.el8_1
  • git-daemon-debuginfo-0:2.18.2-1.el8_1
  • git-debuginfo-0:2.18.2-1.el8_1
  • git-debugsource-0:2.18.2-1.el8_1
  • git-email-0:2.18.2-1.el8_1
  • git-gui-0:2.18.2-1.el8_1
  • git-instaweb-0:2.18.2-1.el8_1
  • git-subtree-0:2.18.2-1.el8_1
  • git-svn-0:2.18.2-1.el8_1
  • git-svn-debuginfo-0:2.18.2-1.el8_1
  • gitk-0:2.18.2-1.el8_1
  • gitweb-0:2.18.2-1.el8_1
  • perl-Git-0:2.18.2-1.el8_1
  • perl-Git-SVN-0:2.18.2-1.el8_1
  • rh-git218-git-0:2.18.2-1.el7
  • rh-git218-git-all-0:2.18.2-1.el7
  • rh-git218-git-core-0:2.18.2-1.el7
  • rh-git218-git-core-doc-0:2.18.2-1.el7
  • rh-git218-git-cvs-0:2.18.2-1.el7
  • rh-git218-git-daemon-0:2.18.2-1.el7
  • rh-git218-git-debuginfo-0:2.18.2-1.el7
  • rh-git218-git-email-0:2.18.2-1.el7
  • rh-git218-git-gui-0:2.18.2-1.el7
  • rh-git218-git-instaweb-0:2.18.2-1.el7
  • rh-git218-git-p4-0:2.18.2-1.el7
  • rh-git218-git-subtree-0:2.18.2-1.el7
  • rh-git218-git-svn-0:2.18.2-1.el7
  • rh-git218-gitk-0:2.18.2-1.el7
  • rh-git218-gitweb-0:2.18.2-1.el7
  • rh-git218-perl-Git-0:2.18.2-1.el7
  • rh-git218-perl-Git-SVN-0:2.18.2-1.el7
  • git-0:2.18.2-1.el8_0
  • git-all-0:2.18.2-1.el8_0
  • git-core-0:2.18.2-1.el8_0
  • git-core-debuginfo-0:2.18.2-1.el8_0
  • git-core-doc-0:2.18.2-1.el8_0
  • git-daemon-0:2.18.2-1.el8_0
  • git-daemon-debuginfo-0:2.18.2-1.el8_0
  • git-debuginfo-0:2.18.2-1.el8_0
  • git-debugsource-0:2.18.2-1.el8_0
  • git-email-0:2.18.2-1.el8_0
  • git-gui-0:2.18.2-1.el8_0
  • git-instaweb-0:2.18.2-1.el8_0
  • git-subtree-0:2.18.2-1.el8_0
  • git-svn-0:2.18.2-1.el8_0
  • git-svn-debuginfo-0:2.18.2-1.el8_0
  • gitk-0:2.18.2-1.el8_0
  • gitweb-0:2.18.2-1.el8_0
  • perl-Git-0:2.18.2-1.el8_0
  • perl-Git-SVN-0:2.18.2-1.el8_0
refmap via4
confirm https://support.apple.com/kb/HT210729
gentoo
  • GLSA-202003-30
  • GLSA-202003-42
misc
suse
  • openSUSE-SU-2020:0123
  • openSUSE-SU-2020:0598
Last major update 24-08-2020 - 17:37
Published 24-01-2020 - 22:15
Last modified 24-08-2020 - 17:37