Vulnerability CVE-2022-29187

Vulnerability Name:

CVE-2022-29187 (CCN-231161)

Assigned:

2022-07-12

Published:

2022-07-12

Updated:

2023-04-14

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2022-29187

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: XF
Type: UNKNOWN
git-cve202229187-priv-esc(231161)

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: CCN
Type: Git Repository
Bypass of safe.directory protections

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Release Notes, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8009	P	git-2.35.3-150300.10.27.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8032	P	libgit2-1_3-1.3.0-150400.3.6.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7507	P	git-core-2.35.3-150300.10.27.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:796	P	Security update for libgit2 (Important)	2022-10-04
oval:org.opensuse.security:def:797	P	Security update for libgit2 (Important)	2022-10-04
oval:org.opensuse.security:def:760	P	Security update for libgit2 (Important)	2022-09-15
oval:org.opensuse.security:def:599	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3652	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:3708	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:95282	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:95338	P	Security update for git (Important)	2022-07-26
oval:org.opensuse.security:def:118960	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:125761	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:5297	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:119265	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:126925	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:6105	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:119454	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:127322	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:118770	P	Security update for git (Important)	2022-07-22
oval:org.opensuse.security:def:119639	P	Security update for git (Important)	2022-07-22

BACK