Access Restriction Bypass
Affecting git package, versions <1:2.1.4-2.1+deb8u3
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
References
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- Fedora Security Update
- Fedora Security Update
- Fedora Security Update
- Gentoo Security Advisory
- MISC
- MLIST
- OpenSuse Security Update
- RHSA Security Advisory
- RHSA Security Advisory
- Security Focus
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
8.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredLow
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2017-8386
- Snyk ID
- SNYK-DEBIAN8-GIT-340898
- Disclosed
- 01 Jun, 2017
- Published
- 01 Jun, 2017