Description

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Remediation

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html

https://security.gentoo.org/glsa/202003-30

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u

https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/

Related Vulnerabilities

CVE-2020-28445 Vulnerability in npm package npm-help

CVE-2022-36033 Vulnerability in maven package org.jsoup:jsoup

CVE-2023-31454 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2022-24740 Vulnerability in npm package @plone/volto

CVE-2022-43435 Vulnerability in maven package org.jenkins-ci.plugins.plugin:fireline

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory NVD-CWE-Other