Explore top 10 tips to secure your open-source projects now. Read More
×
On multi-user machines, Git users might find themselves unexpectedly in a Git
worktree, e.g. when another user created a repository in /tmp, in a mounted
network drive or in a scratch space. Merely having a Git-aware prompt that
runs 'git status' (or 'git diff') and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an editor or IDE
such as VS Code or Atom, will potentially run commands defined by that other
user (CVE-2022-24765).
- https://bugs.mageia.org/show_bug.cgi?id=30277
- https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
- https://ubuntu.com/security/notices/USN-5376-1
- https://lore.kernel.org/git/xmqq1qy04iqa.fsf@gitster.g/T/#u
- https://www.cve.org/CVERecord?id=CVE-2022-24765
- 8/core/git-2.30.4-1.mga8
Get the latest Linux and open source security news straight to your inbox.