KLA20236
Multiple vulnerabilities in Git for Windows

Обновлено: 16/05/2023
Дата обнаружения
14/02/2023
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Git for Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Remote code execution vulnerability in Git can be exploited remotely to execute arbitrary code.
  2. Information disclosure vulnerability in Git can be exploited to obtain sensitive information.
Эксплуатация

The following public exploits exists for this vulnerability:

https://github.com/smash8tap/CVE-2023-22490_PoC

Пораженные продукты

Git for Windows earlier than 2.39.2

Решение

Update to the latest version
Git — Downloading Package

Первичный источник обнаружения
Git security vulnerabilities announced
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Связанные продукты
Git for Windows
CVE-IDS
CVE-2023-239465.0Critical
CVE-2023-224905.0Critical
Узнай статистику распространения уязвимостей в твоем регионе