8.8

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Git-scmGit Version <= 2.7.5
Git-scmGit Version2.8.0
Git-scmGit Version2.8.0 Updaterc0
Git-scmGit Version2.8.0 Updaterc1
Git-scmGit Version2.8.0 Updaterc2
Git-scmGit Version2.8.0 Updaterc3
Git-scmGit Version2.8.1
Git-scmGit Version2.8.2
Git-scmGit Version2.8.3
Git-scmGit Version2.8.4
Git-scmGit Version2.8.5
Git-scmGit Version2.9.0
Git-scmGit Version2.9.0 Updaterc0
Git-scmGit Version2.9.0 Updaterc1
Git-scmGit Version2.9.0 Updaterc2
Git-scmGit Version2.9.1
Git-scmGit Version2.9.2
Git-scmGit Version2.9.3
Git-scmGit Version2.9.4
Git-scmGit Version2.10.0
Git-scmGit Version2.10.0 Updaterc0
Git-scmGit Version2.10.0 Updaterc1
Git-scmGit Version2.10.0 Updaterc2
Git-scmGit Version2.10.1
Git-scmGit Version2.10.2
Git-scmGit Version2.10.3
Git-scmGit Version2.11.0
Git-scmGit Version2.11.0 Updaterc0
Git-scmGit Version2.11.0 Updaterc1
Git-scmGit Version2.11.0 Updaterc2
Git-scmGit Version2.11.0 Updaterc3
Git-scmGit Version2.11.1
Git-scmGit Version2.11.2
Git-scmGit Version2.12.0
Git-scmGit Version2.12.0 Updaterc0
Git-scmGit Version2.12.0 Updaterc1
Git-scmGit Version2.12.0 Updaterc2
Git-scmGit Version2.12.1
Git-scmGit Version2.12.2
Git-scmGit Version2.12.3
Git-scmGit Version2.13.0
Git-scmGit Version2.13.0 Updaterc0
Git-scmGit Version2.13.0 Updaterc1
Git-scmGit Version2.13.0 Updaterc2
Git-scmGit Version2.13.1
Git-scmGit Version2.13.2
Git-scmGit Version2.13.3
Git-scmGit Version2.13.4
Git-scmGit Version2.14.0
Git-scmGit Version2.14.0 Updaterc0
Git-scmGit Version2.14.0 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 77.82% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://access.redhat.com/errata/RHSA-2017:2491
https://support.apple.com/HT208103
Third Party Advisory
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html
https://access.redhat.com/errata/RHSA-2017:2674
https://access.redhat.com/errata/RHSA-2017:2675
http://www.debian.org/security/2017/dsa-3934
http://www.securityfocus.com/bid/100283
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039131
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2484
https://access.redhat.com/errata/RHSA-2017:2485
https://security.gentoo.org/glsa/201709-10
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42599/
Third Party Advisory
VDB Entry