PT-2024-3698 · Git+9 · Git+9

Jeff King

Published

2024-04-12

Updated

2025-02-03

CVE-2024-32465

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Git (affected versions not specified)

Description The issue is related to an incorrect restriction of the path name to a directory with limited access in the distributed version control system Git. Exploitation of this issue may allow an attacker to bypass protection when cloning untrusted repositories.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALSA-2024:4083

ALSA-2024:4084

AZL-42046

AZL-43053

BDU:2024-04042

BIT-GIT-2024-32465

CESA-2024_4084

CVE-2024-32465

DLA-3844-1

DLA-3867-1

DSA-5769-1

GHSA-VM9J-46J9-QVQ4

INFSA-2024_4083

INFSA-2024_4084

MGASA-2024-0204

OESA-2024-1662

OPENSUSE-SU-2024:13968-1

OPENSUSE-SU-2024_1807-1

OPENSUSE-SU-2024_2277-1

RHSA-2024:4083

RHSA-2024:4084

RHSA-2024:4368

RHSA-2024_4083

RHSA-2024_4084

RLSA-2024:4083

RLSA-2024:4084

SUSE-SU-2024:1807-1

SUSE-SU-2024:1807-2

SUSE-SU-2024:1854-1

SUSE-SU-2024:2277-1

SUSE-SU-2025:0197-1

SUSE-SU-2025:20049-1

SUSE-SU-2025_0197-1

USN-6793-1

USN-7023-1

Affected Products

Almalinux

Astra Linux

Centos

Git

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-3698 · Git+9 · Git+9

CVE-2024-32465

Weakness Enumeration

Related Identifiers

Affected Products

References · 130