CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Open Redirect
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score: percentile 98%
Vendor | Product | Version
git-scm | git | 𝑥 ≤ 2.7.5
git-scm | git | 2.8.0
git-scm | git | 2.8.0:rc0
git-scm | git | 2.8.0:rc1
git-scm | git | 2.8.0:rc2
git-scm | git | 2.8.0:rc3
git-scm | git | 2.8.1
git-scm | git | 2.8.2
git-scm | git | 2.8.3
git-scm | git | 2.8.4
git-scm | git | 2.8.5
git-scm | git | 2.9.0
git-scm | git | 2.9.0:rc0
git-scm | git | 2.9.0:rc1
git-scm | git | 2.9.0:rc2
git-scm | git | 2.9.1
git-scm | git | 2.9.2
git-scm | git | 2.9.3
git-scm | git | 2.9.4
git-scm | git | 2.10.0
git-scm | git | 2.10.0:rc0
git-scm | git | 2.10.0:rc1
git-scm | git | 2.10.0:rc2
git-scm | git | 2.10.1
git-scm | git | 2.10.2
git-scm | git | 2.10.3
git-scm | git | 2.11.0
git-scm | git | 2.11.0:rc0
git-scm | git | 2.11.0:rc1
git-scm | git | 2.11.0:rc2
git-scm | git | 2.11.0:rc3
git-scm | git | 2.11.1
git-scm | git | 2.11.2
git-scm | git | 2.12.0
git-scm | git | 2.12.0:rc0
git-scm | git | 2.12.0:rc1
git-scm | git | 2.12.0:rc2
git-scm | git | 2.12.1
git-scm | git | 2.12.2
git-scm | git | 2.12.3
git-scm | git | 2.13.0
git-scm | git | 2.13.0:rc0
git-scm | git | 2.13.0:rc1
git-scm | git | 2.13.0:rc2
git-scm | git | 2.13.1
git-scm | git | 2.13.2
git-scm | git | 2.13.3
git-scm | git | 2.13.4
git-scm | git | 2.14.0
git-scm | git | 2.14.0:rc0
git-scm | git | 2.14.0:rc1
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
git | bullseye | 1:2.30.2-1+deb11u2 | fixed
git | bullseye (security) | 1:2.30.2-1+deb11u3 | fixed
git | bookworm | 1:2.39.2-1.1 | fixed
git | bookworm (security) | 1:2.39.5-0+deb12u1 | fixed
git | trixie | 1:2.45.2-1 | fixed
git | sid | 1:2.45.2-1.1 | fixed
Ubuntu Releases
Ubuntu Product | Codename | Version | Status
git | zesty | Fixed 1:2.11.0-2ubuntu0.2 | released
git | xenial | Fixed 1:2.7.4-0ubuntu1.2 | released
git | trusty | Fixed 1:1.9.1-1ubuntu0.6 | released