<p>Upgrade <code>Debian:11</code> <code>git</code> to version 1:2.30.2-1+deb11u1 or higher.</p>

Improper Ownership Management Affecting git package, versions <1:2.30.2-1+deb11u1

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.05% (16^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN11-GIT-2949145
published 13 Jul 2022
disclosed 12 Jul 2022

Report a new vulnerability Found a mistake?

Introduced: 12 Jul 2022

CVE-2022-29187 Open this link in a new tab CWE-282 Open this link in a new tab CWE-427 Open this link in a new tab

How to fix?

Upgrade Debian:11 git to version 1:2.30.2-1+deb11u1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.