中危 Git for Windows 代码问题漏洞（CVE-2022-24765）

CVE编号

CVE-2022-24765

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-04-12

漏洞描述

Git for Windows是Git groups的用于 Windows 的 Git。 Git for Windows 存在代码问题漏洞，该漏洞源于在多用户计算机上不受信任的各方对同一硬盘具有写访问权限。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2

参考链接
http://seclists.org/fulldisclosure/2022/May/31
http://www.openwall.com/lists/oss-security/2022/04/12/7
https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
https://git-scm.com/docs/git
https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24765
https://support.apple.com/kb/HT213261

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	git-scm	git	*		Up to (excluding) 2.35.2
	运行在以下环境
	系统	alpine_3.13	git	*		Up to (excluding) 2.30.3-r0
	运行在以下环境
	系统	alpine_3.14	git	*		Up to (excluding) 2.32.1-r0
	运行在以下环境
	系统	alpine_3.15	git	*		Up to (excluding) 2.34.2-r0
	运行在以下环境
	系统	alpine_3.16	git	*		Up to (excluding) 2.35.2-r0
	运行在以下环境
	系统	alpine_3.17	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	alpine_3.18	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	alpine_edge	git	*		Up to (excluding) 1.4.4-r0
	运行在以下环境
	系统	amazon_2	git	*		Up to (excluding) 2.34.3-1.amzn2.0.2
	运行在以下环境
	系统	amazon_2022	git	*		Up to (excluding) 2.36.1-1.amzn2022.0.1
	运行在以下环境
	系统	amazon_2023	git	*		Up to (excluding) 2.39.1-1.amzn2023.0.2
	运行在以下环境
	系统	amazon_AMI	git	*		Up to (excluding) 2.36.1-1.75.amzn1
	运行在以下环境
	系统	anolis_os_8	gitk	*		Up to (excluding) 2.39.3-1.0.1
	运行在以下环境
	系统	centos_8	git-svn	*		Up to (excluding) 2.39.1-1.el8
	运行在以下环境
	系统	debian_10	git	*		Up to (excluding) 1:2.20.1-2+deb10u5
	运行在以下环境
	系统	debian_11	git	*		Up to (excluding) 1:2.30.2-1+deb11u1
	运行在以下环境
	系统	debian_12	git	*		Up to (excluding) 1:2.35.2-1
	运行在以下环境
	系统	debian_9	git	*		Up to (including) 2.11.0-3+deb9u7
	运行在以下环境
	系统	debian_sid	git	*		Up to (excluding) 1:2.35.2-1
	运行在以下环境
	系统	fedora_34	git-core	*		Up to (excluding) 2.34.3-1.fc34
	运行在以下环境
	系统	fedora_35	git-instaweb	*		Up to (excluding) 2.35.3-1.fc35
	运行在以下环境
	系统	fedora_36	libgit2	*		Up to (excluding) 0.21.0-6.fc36
	运行在以下环境
	系统	fedora_37	libgit2	*		Up to (excluding) 0.21.0-6.fc37
	运行在以下环境
	系统	fedora_EPEL_9	rust-exa-debugsource	*		Up to (excluding) 0.21.0-7.el9
	运行在以下环境
	系统	kylinos_aarch64_V10	git	*		Up to (excluding) 2.39.1-1.el8
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	git	*		Up to (excluding) 2.27.0-7.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	git	*		Up to (excluding) 2.27.0-7.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	git	*		Up to (excluding) 2.27.0-9.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	git	*		Up to (excluding) 2.39.1-1.el8
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	git	*		Up to (excluding) 2.27.0-7.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	git	*		Up to (excluding) 2.27.0-7.ky10
	运行在以下环境
系统	opensuse_Leap_15.3	libgit2-26-32bit	*		Up to (excluding) 2.35.3-150300.10.12.1
运行在以下环境
系统	opensuse_Leap_15.4	libgit2-28-32bit	*		Up to (excluding) 2.35.3-150300.10.12.1
运行在以下环境
系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.39.1-1.el8
运行在以下环境
系统	oracle_9	oraclelinux-release	*		Up to (excluding) 2.39.1-1.el9
运行在以下环境
系统	redhat_8	git-svn	*		Up to (excluding) 2.39.1-1.el8
运行在以下环境
系统	redhat_9	git-daemon	*		Up to (excluding) 2.39.1-1.el9
运行在以下环境
系统	suse_12_SP5	git-core	*		Up to (excluding) 2.26.2-27.52.1
运行在以下环境
系统	ubuntu_18.04	git	*		Up to (excluding) 1:2.17.1-1ubuntu0.11
运行在以下环境
系统	ubuntu_20.04	git	*		Up to (excluding) 1:2.25.1-1ubuntu3.4
运行在以下环境
系统	ubuntu_21.10	git	*		Up to (excluding) 1:2.32.0-1ubuntu1.2
运行在以下环境
系统	ubuntu_22.04	git	*		Up to (excluding) 1:2.34.1-1ubuntu1.2
运行在以下环境
系统	ubuntu_22.10	git	*		Up to (excluding) 1:2.34.1-1ubuntu1.2
运行在以下环境
系统	unionos_a	git	*		Up to (excluding) git-2.39.1-1.uelc20.01

阿里云评分 6.2

• 攻击路径 远程
• 攻击复杂度 复杂
• 权限要求 无需权限
• 影响范围 全局影响
• EXP成熟度 未验证
• 补丁情况 官方补丁
• 数据保密性 数据泄露
• 数据完整性 无影响
• 服务器危害 无影响
• 全网数量 N/A

CWE-ID	漏洞类型
CWE-427	对搜索路径元素未加控制

Exp相关链接

- avd.aliyun.com