VDB
BIT-git-2020-5260
BIT-git-2020-5260
PUBLISHED
CVSS 7.5 HIGH
malicious URLs may cause Git to present stored credentials to the wrong server
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | git | 0, 2.22.0, 0 |
Timeline
- Mar 6, 2024 CVE Published
- Mar 13, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html url
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html url
- http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html url
- http://www.openwall.com/lists/oss-security/2020/04/15/5 url
- http://www.openwall.com/lists/oss-security/2020/04/15/6 url
- http://www.openwall.com/lists/oss-security/2020/04/20/1 url
- https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b url
- https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q url
- https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/ url
- https://lore.kernel.org/git/xmqqy2qy7xn8.fsf%40gitster.c.googlers.com/ url
- https://security.gentoo.org/glsa/202004-13 url
- https://support.apple.com/kb/HT211141 url
- https://usn.ubuntu.com/4329-1/ url
- https://www.debian.org/security/2020/dsa-4657 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-5260 url