Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

https://security.gentoo.org/glsa/202003-30

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

Related Vulnerabilities

CVE-2022-21192 Vulnerability in npm package serve-lite

CVE-2020-11022 Vulnerability in maven package org.webjars:jquery

CVE-2023-37943 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2018-1000613 Vulnerability in maven package org.bouncycastle.bcprov-jdk15on.1.57.org.bouncycastle:bcprov-jdk15on

CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-image

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-Other