CVE-2018-11235
CVE-2018-11235 is a vulnerability of currently unknown severity. In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. EPSS estimates a 49.19% chance of exploitation in the next 30 days.
Description
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
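As an added defender-side example (not code from the Git project or from this advisory), the following Python script parses a .gitmodules file and flags submodule names that contain a ".." path component, the traversal pattern described above. The section-header regex and the rejection rule are this example's own assumptions, and the sample .gitmodules is constructed.

```python
"""Flag submodule names in a .gitmodules file that could traverse out of
$GIT_DIR/modules (the pattern behind CVE-2018-11235).

Added example, not code from the Git project or the advisory.  The rule
below (reject empty names and any '..' path component, treating both '/'
and '\\' as separators) is this example's own policy.
"""
import re

# Section header form used by .gitmodules: [submodule "some/name"]
# (assumption: names containing escaped quotes are not handled here)
_SECTION = re.compile(r'^\s*\[submodule\s+"(?P<name>[^"]*)"\]\s*$')


def is_unsafe_submodule_name(name: str) -> bool:
    """True if `name` is empty or has a '..' component (e.g. "../x", "a\\..\\b")."""
    if not name:
        return True
    # Split on both separators so the check is platform-independent.
    return any(part == ".." for part in re.split(r"[\\/]", name))


def submodule_names(gitmodules_text: str) -> list:
    """Return every submodule name declared in a .gitmodules body, in order."""
    names = []
    for line in gitmodules_text.splitlines():
        match = _SECTION.match(line)
        if match:
            names.append(match.group("name"))
    return names


def unsafe_submodule_names(gitmodules_text: str) -> list:
    """Return the declared names that fail is_unsafe_submodule_name()."""
    return [n for n in submodule_names(gitmodules_text)
            if is_unsafe_submodule_name(n)]


# Constructed sample: one ordinary submodule and one whose name traverses.
SAMPLE_GITMODULES = """\
[submodule "lib/helper"]
\tpath = lib/helper
\turl = https://example.invalid/helper.git
[submodule "../escape"]
\tpath = vendor/escape
\turl = https://example.invalid/escape.git
"""

if __name__ == "__main__":
    for name in unsafe_submodule_names(SAMPLE_GITMODULES):
        print(f"unsafe submodule name: {name!r}")
```

Run it against a repository's .gitmodules before cloning with --recurse-submodules on an unpatched client; a fixed Git already rejects such names itself.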
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 17.10 |
| Canonical | Ubuntu Linux | 18.04 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Eus | 7.5 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Git-Scm | Git | <= 2.13.6 |
| Git-Scm | Git | >= 2.14.0, <= 2.14.3 |
| Git-Scm | Git | >= 2.15.0, <= 2.15.1 |
| Git-Scm | Git | >= 2.16.0, <= 2.16.3 |
| Git-Scm | Git | 2.17.0 |
| Gitforwindows | Git | <= 2.17.1 |
References
- http://www.securityfocus.com/bid/104345 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040991 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:1957 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2147 (Third Party Advisory)
- https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/ (Patch, Technical Description, Vendor Advisory)
- https://marc.info/?l=git&m=152761328506724&w=2 (Release Notes, Third Party Advisory)
- https://security.gentoo.org/glsa/201805-13 (Third Party Advisory)
- https://usn.ubuntu.com/3671-1/ (Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4212 (Third Party Advisory)
- https://www.exploit-db.com/exploits/44822/ (Exploit, Third Party Advisory, VDB Entry)
Source: NVD / NIST
