8.8

CVE-2017-8386

Exploit

EPSS 75.65%
Veröffentlicht 01.06.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Git ≫ Git-shell Version-

Opensuse ≫ Leap Version42.1

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.10

Canonical ≫ Ubuntu Linux Version17.04

Fedoraproject ≫ Fedora Version24

Fedoraproject ≫ Fedora Version25

Fedoraproject ≫ Fedora Version26

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	75.65%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://access.redhat.com/errata/RHSA-2017:2004

http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html

Third Party Advisory

Mailing List

http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/

http://www.debian.org/security/2017/dsa-3848

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/98409

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038479

Third Party Advisory

http://www.ubuntu.com/usn/USN-3287-1

Third Party Advisory

Exploit

https://access.redhat.com/errata/RHSA-2017:2491

https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

Third Party Advisory

Mitigation

https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/

https://security.gentoo.org/glsa/201706-04

https://nvd.nist.gov/vuln/detail/CVE-2017-8386

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8386

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8386

EUVD