Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.

Published

2020-01-24T22:15:19.253

Last Modified

2024-11-21T04:36:32.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application git-scm git < 2.14.6 Yes
Application git-scm git < 2.15.4 Yes
Application git-scm git < 2.16.6 Yes
Application git-scm git < 2.17.3 Yes
Application git-scm git < 2.18.2 Yes
Application git-scm git < 2.19.3 Yes
Application git-scm git < 2.20.2 Yes
Application git-scm git < 2.21.1 Yes
Application git-scm git < 2.22.2 Yes
Application git-scm git < 2.23.1 Yes
Application git-scm git < 2.24.1 Yes
Operating System opensuse leap 15.1 Yes
References