Warning of Critical Vulnerabilities in Git System

The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in the Git system that attackers could exploit for remote code execution.

Git is a popular open-source distributed revision control tool used worldwide.

The critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. They allow an unauthenticated attacker to execute code remotely. Both vulnerabilities have been assigned a CVSS score of 9.8.

The following versions of the Git system are affected:

  • 30.6
  • 31.5
  • 32.4
  • 33.5
  • 34.5
  • 35.5
  • 36.3
  • 37.4
  • 38.2
  • 39.0.

Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all operators of vulnerable systems:

  • check and update Git to the latest versions where these vulnerabilities are already patched,
  • check and update all systems that use Git (e.g. GitLab, which has also released a patch),
  • if a cybersecurity incident is detected, report it to the National Cyber Security Centre SK-CERT at [email protected].
