Warning of Critical Vulnerabilities in Git System
The National Cyber Security Centre SK-CERT warns of critical vulnerabilities in the Git system that attackers could exploit for remote code execution.
Git is a distributed revision control tool. Git is a popular open-source tool used worldwide.
The critical vulnerabilities are tracked as CVE-2022-23521 and CVE-2022-41903. They allow an unauthenticated attacker to execute code remotely. Both vulnerabilities have been assigned a CVSS score of 9.8.
The following versions of the Git system are affected:
- 30.6
- 31.5
- 32.4
- 33.5
- 34.5
- 35.5
- 36.3
- 37.4
- 38.2
- 39.0.
Regarding the mentioned vulnerabilities, the National Cyber Security Centre SK-CERT recommends the following to all operators of vulnerable systems:
- check and update Git to the latest versions where these vulnerabilities are already patched,
- check and update all systems that use Git (e.g. GitLab, which has also released a patch),
- if a cybersecurity incident is detected, report it to the National Cyber Security Centre SK-CERT at [email protected].
Sources
- https://thehackernews.com/2023/01/git-users-urged-to-update-software-to.html?m=1
- https://www.bleepingcomputer.com/news/security/git-patches-two-critical-remote-code-execution-security-flaws/
- https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
- https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
- https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/