VDB
CVE-2008-5916
CVE-2008-5916
PUBLISHED
CVSS 4.599999904632568 MEDIUM
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
EPSS 0.08% · 24.6th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
0.08%
24.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| git | git | 1.4.3.1, 1.4.3.2, 1.4.3.3 |
Timeline
- Jan 21, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://secunia.com/advisories/34194 technical
- http://secunia.com/advisories/33282 technical
- http://secunia.com/advisories/33964 technical
- git-gitweb-privilege-escalation(47528) vdb
- [oss-security] 20090120 Re: CVE request -- git mailing-list
- 50918 vdb
- GLSA-200903-15 vendor-advisory
- [oss-security] 20090115 CVE request -- git mailing-list
- [linux-kernel] 20081220 [Security] gitweb local privilege escalation (fix) mailing-list
- FEDORA-2008-11650 vendor-advisory
- FEDORA-2008-11653 vendor-advisory
- 4922 third-party-advisory
- [git] 20081220 [Security] gitweb local privilege escalation (fix) mailing-list
- USN-723-1 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-5916 advisory