Git CVE-2017-8386 Security Bypass Vulnerability

Description: git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a – (dash) character.

Impact:  Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8386
• http://www.securityfocus.com/bid/98409/info
• http://seclists.org/bugtraq/2017/May/25
• https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/

Recommended Posts

Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

02 Oct 2022 - Security Advisories & Alerts

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

01 Oct 2022 - Security Advisories & Alerts

Microsoft confirms two Exchange Server zero days are being used in cyberattacks

01 Oct 2022 - News, Security Advisories & Alerts