PT-2024-3834 · Git+10
Pks-T
Published: 2024-05-14 · Updated: 2026-01-06
CVE-2024-32020
CVSS v3.1: 3.9 (Low)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Git versions prior to 2.45.1
Git versions prior to 2.44.1
Git versions prior to 2.43.4
Git versions prior to 2.42.2
Git versions prior to 2.41.1
Git versions prior to 2.40.2
Git versions prior to 2.39.4
Description
The issue affects local clones of Git repositories. When the source and target repositories are on the same disk and are owned by different users, Git may hardlink files from the source repository into the target repository's object database. The untrusted user who owns the source repository can rewrite these hardlinked files at any point in time. This can lead to unauthorized access and modification of files in the target repository.
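An added example, not part of the original advisory or of Git itself: a POSIX shell check that lists files in a repository's object database that have more than one hardlink or are not owned by the current user, which are the two conditions the description relies on. The function name audit_git_objects and its exit codes are assumptions made for this example.

```sh
#!/bin/sh
# audit_git_objects REPO
#   Hypothetical helper (not a Git command). Prints every file under the
#   repository's object database that either
#     - has a link count above 1 (it is hardlinked somewhere else), or
#     - is owned by a user other than the one running the check.
#   Returns 0 if nothing is found, 1 if findings were printed,
#   2 if no object directory exists under REPO.
audit_git_objects() {
    repo=$1
    objdir=$repo/.git/objects
    # Bare repositories keep objects/ at the top level.
    [ -d "$objdir" ] || objdir=$repo/objects
    if [ ! -d "$objdir" ]; then
        echo "no object directory under $repo" >&2
        return 2
    fi

    me=$(id -u)
    # -links +1 : more than one directory entry points at the inode
    # ! -user   : the inode belongs to someone else, who can rewrite it
    hits=$(find "$objdir" -type f \( -links +1 -o ! -user "$me" \) -print)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Usage: audit_git_objects /path/to/clone
```

A link count above one also appears after a local clone between two repositories you own yourself, so each listed file is something to review rather than proof of tampering.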
Recommendations
For versions prior to 2.45.1, update to version 2.45.1 or later.
For versions prior to 2.44.1, update to version 2.44.1 or later.
For versions prior to 2.43.4, update to version 2.43.4 or later.
For versions prior to 2.42.2, update to version 2.42.2 or later.
For versions prior to 2.41.1, update to version 2.41.1 or later.
For versions prior to 2.40.2, update to version 2.40.2 or later.
For versions prior to 2.39.4, update to version 2.39.4 or later.
Exploit
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
Git
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu