CVE-2008-5916

EUVD-2008-5886
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
gitgit
1.4.3.1
gitgit
1.4.3.2
gitgit
1.4.3.3
gitgit
1.4.3.4
gitgit
1.4.3.5
gitgit
1.4.4
gitgit
1.4.4.1
gitgit
1.4.4.2
gitgit
1.4.4.3
gitgit
1.4.4.4
gitgit
1.5.0
gitgit
1.5.0:rc2
gitgit
1.5.0:rc3
gitgit
1.5.0:rc4
gitgit
1.5.0.1
gitgit
1.5.0.2
gitgit
1.5.0.3
gitgit
1.5.0.4
gitgit
1.5.0.5
gitgit
1.5.0.6
gitgit
1.5.0.7
gitgit
1.5.1
gitgit
1.5.1.1
gitgit
1.5.1.2
gitgit
1.5.1.3
gitgit
1.5.1.4
gitgit
1.5.1.5
gitgit
1.5.1.6
gitgit
1.5.2
gitgit
1.5.2.1
gitgit
1.5.2.2
gitgit
1.5.2.3
gitgit
1.5.2.4
gitgit
1.5.2.5
gitgit
1.5.3
gitgit
1.5.3:rc4
gitgit
1.5.3:rc5
gitgit
1.5.3:rc7
gitgit
1.5.3.1
gitgit
1.5.3.2
gitgit
1.5.3.3
gitgit
1.5.3.4
gitgit
1.5.3.5
gitgit
1.5.3.6
gitgit
1.5.3.7
gitgit
1.5.3.8
gitgit
1.5.4
gitgit
1.5.4:rc0
gitgit
1.5.4:rc1
gitgit
1.5.4:rc1.1136.g2794
gitgit
1.5.4:rc2
gitgit
1.5.4:rc3
gitgit
1.5.4:rc4
gitgit
1.5.4:rc5
gitgit
1.5.4.1
gitgit
1.5.4.2
gitgit
1.5.4.3
gitgit
1.5.4.4
gitgit
1.5.4.5
gitgit
1.5.4.6
gitgit
1.5.5
gitgit
1.5.5:rc1
gitgit
1.5.5:rc2
gitgit
1.5.5:rc3
gitgit
1.5.5.1
gitgit
1.5.5.2
gitgit
1.5.5.3
gitgit
1.5.5.3:r1
gitgit
1.5.5.4
gitgit
1.5.5.5
gitgit
1.5.6
gitgit
1.5.6.1
gitgit
1.5.6.2
gitgit
1.5.6.3
gitgit
1.5.6.4
gitgit
1.5.6.5
gitgit
1.6.0
gitgit
1.6.0:rc1
gitgit
1.6.0:rc2
gitgit
1.6.0:rc3
gitgit
1.6.0.1
gitgit
1.6.0.2
gitgit
1.6.0.3
gitgit
1.6.0.4
gitgit
1.6.0.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
git-core
dapper
not-affected
gutsy
not-affected
hardy
Fixed 1:1.5.4.3-1ubuntu2.1
released
intrepid
Fixed 1:1.5.6.3-1.1ubuntu2.1
released
Common Weakness Enumeration
References
http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://secunia.com/advisories/33964
http://secunia.com/advisories/34194
http://securityreason.com/securityalert/4922
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
http://www.ubuntu.com/usn/USN-723-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/47528
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html
http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://secunia.com/advisories/33964
http://secunia.com/advisories/34194
http://securityreason.com/securityalert/4922
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
http://www.ubuntu.com/usn/USN-723-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/47528
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html