Multiple CVE's - Git & Git for Windows

2 years ago
January 18, 2023
10 comments
71 views

Forum|alt.badge.img

+7

dips
Veeam Legend
808 comments

Apologies for the radio silence recently. Had some terrible family news over Christmas and New Year.

Anyway, the following have been published regarding Git and rated has Critical:

CVE-2022-41903 - https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
CVE-2022-23521 - https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89
CVE-2022-41953 - https://github.com/git-for-windows/git/security/advisories/GHSA-v4px-mx59-w99c - Patch in progress

The last CVE is still to be patched and affects Git for Windows. As a workaround, do not use the GUI from clone a repository, especially from untrusted sources.

“Therefore, malicious repositories can ship with an aspell.exe in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code.”

Forum|alt.badge.img

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
8506 comments
2 years ago
January 18, 2023

Sorry to hear about your news hope all is well now. Thanks for sharing these latest updates.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Forum|alt.badge.img

+13

marcofabbri
On the path to Greatness
990 comments
2 years ago
January 18, 2023

Sorry to read that @dips

A giant hug from Italy.

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it

Forum|alt.badge.img

+13

marcofabbri
On the path to Greatness
990 comments
2 years ago
January 18, 2023

Talking about that, there’s a full analysis here: https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

And here to check about last update: https://about.gitlab.com/update/

Note: GitLab releases have skipped 15.7.4, 15.6.5, and 15.5.8.

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it

Forum|alt.badge.img

+22

Geoff Burke
Veeam Legend, Veeam Vanguard
1318 comments
2 years ago
January 18, 2023

Sorry to hear that as well Dips. Stay Strong!

VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS, PCA,TARS

Forum|alt.badge.img

+17

JMeixner
On the path to Greatness
2650 comments
2 years ago
January 18, 2023

Sorry to hear this @dips. All the best.

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social

Forum|alt.badge.img

+11

Iams3le
Veeam Legend
1394 comments
2 years ago
January 18, 2023

Sorry to hear this @dips. Stay strong!

[Microsoft MVP | Veeam Legend (2021 -2025) | VMware vExpert 5x | Cisco Champion 3x | Object First Ace 2x]

Forum|alt.badge.img

+4

Inder
Experienced User
576 comments
2 years ago
January 19, 2023

Sorry to hear .. hope all good now !

Inder | www.thenetworkdna.com | Twitter @inder8588

Forum|alt.badge.img

+8

Madi.Cristil
Community Manager
617 comments
2 years ago
January 19, 2023

Sorry to hear that, @dips ! :( Hope you are well!

Madi Cristil

Forum|alt.badge.img

+7

dips
Author
Veeam Legend
808 comments
2 years ago
January 20, 2023

Thanks everyone! Getting there :)

Hope you all have a good weekend!

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader

Forum|alt.badge.img

+12

Nico Losschaert
On the path to Greatness
681 comments
2 years ago
January 22, 2023

Thx for sharing @dips and good luck with your unfortunate news...🤞

#Veeam Legend 5* | VMCA 3* | VMCE 4* | VMTSP+ 2* | VMSP 2* | DCIE 2* | Loves Best Practices | Twitter : @NLosschaert

Comment