8.8

CVE-2017-8386

Exploit

EPSS 75.65%
Published 01.06.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Affected products Warnungen 0 Metrics 3 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Git ≫ Git-shell Version-

Opensuse ≫ Leap Version42.1

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.10

Canonical ≫ Ubuntu Linux Version17.04

Fedoraproject ≫ Fedora Version24

Fedoraproject ≫ Fedora Version25

Fedoraproject ≫ Fedora Version26

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	75.65%	0.989

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://access.redhat.com/errata/RHSA-2017:2004

http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html

Third Party Advisory

Mailing List

http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com/

http://www.debian.org/security/2017/dsa-3848

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/98409

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038479

Third Party Advisory

http://www.ubuntu.com/usn/USN-3287-1

Third Party Advisory

Exploit

https://access.redhat.com/errata/RHSA-2017:2491

https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

Third Party Advisory

Mitigation

https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/

https://security.gentoo.org/glsa/201706-04

https://nvd.nist.gov/vuln/detail/CVE-2017-8386

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8386

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8386

EUVD