Git.Clone.URL.Handling.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Git.
The vulnerability is due to insufficient input validation in the application when handling a crafted HTTP request. An attacker can exploit this vulnerability by using specially-crafted URLs to inject unintended values into the credential helper protocol stream, allowing access to sensitive information.

Affected Products

Git 2.17.0 to 2.17.3
Git 2.18.0 to 2.18.2
Git 2.19.0 to 2.19.3
Git 2.20.0 to 2.20.2
Git 2.21.0 to 2.21.1
Git 2.22.0 to 2.22.2
Git 2.23.0 to 2.23.1
Git 2.24.0 to 2.24.1
Git 2.25.0 to 2.25.2
Git 2.26.0

Impact

Information Disclosure: Remote attackers can gain credentials from vulnerable systems.

Recommended Actions

Apply the most recent patch from Git.
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
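
To decide whether a host needs the patch, the following added example (not part of the original advisory or of Git) classifies `git --version` output against the affected ranges listed above. The function names and the `AFFECTED` table layout are assumptions made for this example.

```python
import re
import subprocess

# Affected ranges copied from the "Affected Products" list above:
# (major, minor) -> highest affected patch level in that release series.
AFFECTED = {
    (2, 17): 3, (2, 18): 2, (2, 19): 3, (2, 20): 2, (2, 21): 1,
    (2, 22): 2, (2, 23): 1, (2, 24): 1, (2, 25): 2, (2, 26): 0,
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output.

    Vendor suffixes such as ".windows.1" or " (Apple Git-126)" are ignored.
    Returns None when no x.y.z version is present.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True/False for a parsed version, None if the string is unparseable."""
    version = parse_git_version(text)
    if version is None:
        return None
    major, minor, patch = version
    top = AFFECTED.get((major, minor))
    return top is not None and patch <= top


def check_local_git():
    """Run the installed git and classify it; None if git cannot be run."""
    try:
        out = subprocess.run(["git", "--version"], capture_output=True,
                             text=True, timeout=10, check=True).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    return is_affected(out)


if __name__ == "__main__":
    labels = {True: "AFFECTED: upgrade git",
              False: "not in the listed ranges",
              None: "could not determine git version"}
    print(labels[check_local_git()])
```

The check only compares the reported upstream version string; a distribution package that backports the fix without changing that string will still be reported as affected, so confirm against the vendor's changelog.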

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2021-01-05  16.991   Default_action:pass:drop
2020-12-22  16.984