Git.Clone.URL.Handling.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Git.
The vulnerability is due to insufficient input validation in the application when handling a crafted HTTP request. An attacker can exploit this vulnerability by using specially-crafted URLs to inject unintended values into the credential helper protocol stream, allowing access to sensitive information.
Affected Products
Git 2.17.0 to 2.17.3
Git 2.18.0 to 2.18.2
Git 2.19.0 to 2.19.3
Git 2.20.0 to 2.20.2
Git 2.21.0 to 2.21.1
Git 2.22.0 to 2.22.2
Git 2.23.0 to 2.23.1
Git 2.24.0 to 2.24.1
Git 2.25.0 to 2.25.2
Git 2.26.0
Impact
Information Disclosure: Remote attackers can gain credentials from vulnerable systems.
Recommended Actions
Apply the most recent patch from Git.
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
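To find hosts that still need the patch, the version ranges under Affected Products can be checked against `git --version` output collected from each machine. The following is an added example, not code from the advisory or from Git; the function names, hostnames and sample outputs are assumptions constructed for illustration.

```python
import re

# Affected ranges copied from the "Affected Products" list on this page:
# (major, minor) -> highest affected patch level; the lowest is always 0.
AFFECTED = {
    (2, 17): 3, (2, 18): 2, (2, 19): 3, (2, 20): 2, (2, 21): 1,
    (2, 22): 2, (2, 23): 1, (2, 24): 1, (2, 25): 2, (2, 26): 0,
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?")


def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_listed_affected(text):
    """True/False for a parsed version, None when no version is found.

    Only reports matches against the ranges listed on the page. Vendor
    builds may carry backported fixes under an unchanged version
    string, so confirm a True result against the vendor's advisory.
    """
    version = parse_git_version(text)
    if version is None:
        return None
    major, minor, patch = version
    top = AFFECTED.get((major, minor))
    return top is not None and patch <= top


def audit(inventory):
    """Map host -> verdict for a {host: version_output} inventory."""
    return {host: is_listed_affected(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE = {
    "build-01": "git version 2.25.1",
    "build-02": "git version 2.26.2",
    "laptop-07": "git version 2.24.1.windows.2",
    "mac-03": "git version 2.24.3 (Apple Git-128)",
    "ci-09": "git: command not found",
}
```

A `None` verdict means no version could be read from the collected output, so that host needs a manual check rather than being counted as clean.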
Coverage
IPS (Regular DB)
IPS (Extended DB)