9.8
CVE-2015-7545
- EPSS 20.14%
- Veröffentlicht 13.04.2016 15:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Git Project ≫ Git Version <= 2.3.9
Git Project ≫ Git Version2.4.0
Git Project ≫ Git Version2.4.1
Git Project ≫ Git Version2.4.2
Git Project ≫ Git Version2.4.3
Git Project ≫ Git Version2.4.4
Git Project ≫ Git Version2.4.5
Git Project ≫ Git Version2.4.6
Git Project ≫ Git Version2.4.7
Git Project ≫ Git Version2.4.8
Git Project ≫ Git Version2.4.9
Git Project ≫ Git Version2.5.0
Git Project ≫ Git Version2.5.1
Git Project ≫ Git Version2.5.2
Git Project ≫ Git Version2.5.3
Git Project ≫ Git Version2.6.0
Redhat ≫ Software Collections Version1.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.14% | 0.971 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt
https://security.gentoo.org/glsa/201605-01
http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html
http://rhn.redhat.com/errata/RHSA-2015-2515.html
http://www.debian.org/security/2016/dsa-3435
http://www.openwall.com/lists/oss-security/2015/12/08/5
http://www.openwall.com/lists/oss-security/2015/12/09/8
http://www.openwall.com/lists/oss-security/2015/12/11/7
http://www.securityfocus.com/bid/78711
http://www.securitytracker.com/id/1034501
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255
http://www.ubuntu.com/usn/USN-2835-1
https://bugzilla.redhat.com/show_bug.cgi?id=1269794
https://github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt
https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt
https://github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt
https://kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021
https://lkml.org/lkml/2015/10/5/683