CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
git-scmgit
𝑥
≤ 1.8.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
git
bullseye
1:2.30.2-1+deb11u2
fixed
bullseye (security)
1:2.30.2-1+deb11u3
fixed
bookworm
1:2.39.2-1.1
fixed
bookworm (security)
1:2.39.5-0+deb12u1
fixed
trixie
1:2.45.2-1
fixed
sid
1:2.45.2-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
git
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
dne
hardy
not-affected
git-core
quantal
dne
precise
dne
oneiric
dne
lucid
not-affected
hardy
ignored
References