Severity Rating: HIGH
Software Affected
•Git 2.17.x versions 2.17.4 and prior
•Git 2.18.x versions 2.18.3 and prior
•Git 2.19.x versions 2.19.4 and prior
•Git 2.20.x versions 2.20.3 and prior
•Git 2.21.x versions 2.21.2 and prior
•Git 2.22.x versions 2.22.3 and prior
•Git 2.23.x versions 2.23.2 and prior
•Git 2.24.x versions 2.24.2 and prior
•Git 2.25.x versions 2.25.3 and prior
•Git 2.26.x versions 2.26.1 and prior
Overview
A vulnerability has been reported in Git which could allow a remote
attacker to access stored credentials on a targeted system.
Description
This vulnerability exists in Git due to improper handling of URLs used for
"credential helper" programs. A remote attacker could exploit this
vulnerability by feeding a specially crafted URL to Git running on an
affected system - either directly or through systems which automatically
clone URLs not visible to the user, such as Git sub modules, or package
systems built around Git.
Successful exploitation of this vulnerability could allow the attacker to
access stored credentials on the targeted system.
Solution
Upgrade to the patched versions as mentioned at:
Vendor Information
Git
References
CVE Name
CVE-2020-11008
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.
![Fwd: [CIAD-2020-0033] Multiple Vulnerabilities in Adobe DNG Software Development Kit (SDK)](http://3.bp.blogspot.com/-ZRo8fwgs65M/UZC2jMJpcLI/AAAAAAAAC5Y/EfoFQsr1wzU/s1600/BS+No+Image.gif )