CVE-2023-29012 — Vulnetix

CVE-2023-29012 PUBLISHED

Es existiert eine Schwachstelle in git. Der Fehler besteht aufgrund einer unsicheren Implementierung der Git CMD-Funktion. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er eine bösartige Datei platziert und das Opfer dazu bringt, den CMD-Befehl in dem Verzeichnis auszuführen, um die Sicherheitsmaßnahmen zu umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

EPSS 0.11% · 29.2th percentile

Risk Scores

EPSS Score

0.11%

29.2th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux
Ubuntu	Ubuntu Linux
Microsoft	Microsoft .NET Framework 3.5
SUSE	SUSE Linux
Microsoft	Microsoft .NET Framework 4.8
Microsoft	Microsoft Visual Studio 2022 version 17.0
Open Source	Open Source git <2.40.1
Microsoft	Microsoft Visual Studio Code
Microsoft	Microsoft Visual Studio 2022 version 17.6
Open Source	Open Source git <2.34.8
Open Source	Open Source CentOS
Microsoft	Microsoft Visual Studio 2022 version 17.4
Oracle	Oracle Linux
Microsoft	Microsoft .NET Framework 4.6.2
Microsoft	Microsoft Azure DevOps Server 2020.1.2
Debian	Debian Linux
Open Source	Open Source git <2.38.5
Microsoft	Microsoft NuGet 6.4.1
Open Source	Open Source git <2.36.6
Microsoft	Microsoft Visual Studio 2015 Update 3

…and 30 more

Exploit Intelligence

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (circl)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
rules.yar (github-yara)
CVE-2023-4863.yar (github-yara)
CVE-2023-4863.yar (github-yara)

…and 5 more exploits

Timeline

Apr 25, 2023 CVE Published
Apr 26, 2023 EPSS Score
Jun 2, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 16, 2023 EPSS Score
Sep 22, 2023 EPSS Score
Oct 5, 2023 PoC Published
Oct 29, 2023 EPSS Score
Dec 5, 2023 EPSS Score
Jan 12, 2024 EPSS Score
Feb 18, 2024 EPSS Score
Mar 26, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1072.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1072 advisory
https://seclists.org/oss-sec/2023/q2/104 advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014591.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014673.html advisory
https://ubuntu.com/security/notices/USN-6050-1 advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014719.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014775.html advisory
https://ubuntu.com/security/notices/USN-6050-2 advisory
https://access.redhat.com/errata/RHSA-2023:3192 advisory
https://access.redhat.com/errata/RHSA-2023:3248 advisory
https://access.redhat.com/errata/RHSA-2023:3247 advisory
https://access.redhat.com/errata/RHSA-2023:3246 advisory
https://access.redhat.com/errata/RHSA-2023:3245 advisory
https://access.redhat.com/errata/RHSA-2023:3243 advisory
http://linux.oracle.com/errata/ELSA-2023-3245.html advisory
https://access.redhat.com/errata/RHSA-2023:3263 advisory
https://access.redhat.com/errata/RHSA-2023:3280 advisory
http://linux.oracle.com/errata/ELSA-2023-3263.html advisory
http://linux.oracle.com/errata/ELSA-2023-3246.html advisory

…and 30 more

Open in Interactive Console →