CVE-2024-22190 - OpenCVE

GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gitpython Project	Gitpython

Configuration 1 [-]

cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*

References

Link	Resource
https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f	Patch
https://github.com/gitpython-developers/GitPython/pull/1792	Patch Vendor Advisory
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T01:23:17.944Z

Updated: 2024-01-11T01:23:17.944Z

Reserved: 2024-01-08T04:59:27.370Z

Link: CVE-2024-22190

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-11T02:15:48.250

Modified: 2024-01-18T13:48:07.553

Link: CVE-2024-22190

JSON object: View

Redhat Information

No data.

CWE

CWE-426

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-22190", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.370Z", "datePublished": "2024-01-11T01:23:17.944Z", "dateUpdated": "2024-01-11T01:23:17.944Z"}, "containers": {"cna": {"title": "Untrusted search path under some conditions on Windows allows arbitrary code execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "lang": "en", "description": "CWE-426: Untrusted Search Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}, {"name": "https://github.com/gitpython-developers/GitPython/pull/1792", "tags": ["x_refsource_MISC"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"name": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "tags": ["x_refsource_MISC"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}], "affected": [{"vendor": "gitpython-developers", "product": "GitPython", "versions": [{"version": "< 3.1.41", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T01:23:17.944Z"}, "descriptions": [{"lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."}], "source": {"advisory": "GHSA-2mqj-m65w-jghx", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*", "matchCriteriaId": "3EFC0264-B10D-4EAA-B78B-FDDEE26A4B8A", "versionEndExcluding": "3.1.41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."}, {"lang": "es", "value": "GitPython es una librer\u00eda de Python que se utiliza para interactuar con los repositorios de Git. Existe una soluci\u00f3n incompleta para CVE-2023-40590. En Windows, GitPython usa una ruta de b\u00fasqueda que no es de confianza si usa un shell para ejecutar `git`, as\u00ed como cuando ejecuta `bash.exe` para interpretar ganchos. Si cualquiera de esas funciones se utiliza en Windows, se puede ejecutar un `git.exe` o `bash.exe` malicioso desde un repositorio que no es de confianza. Este problema se solucion\u00f3 en la versi\u00f3n 3.1.41."}], "id": "CVE-2024-22190", "lastModified": "2024-01-18T13:48:07.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-11T02:15:48.250", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "security-advisories@github.com", "type": "Primary"}]}