Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

https://security.gentoo.org/glsa/202003-30

Related Vulnerabilities

CVE-2020-6451 Vulnerability in npm package electron

CVE-2022-35915 Vulnerability in npm package @openzeppelin/contracts-upgradeable

CVE-2020-2251 Vulnerability in maven package org.jenkins-ci.plugins:soapui-pro-functional-testing

CVE-2022-46175 Vulnerability in maven package org.webjars.bower:json5

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-Other