What is the severity of CVE-2017-8386?

CVE-2017-8386 has been classified as a medium-level vulnerability that can allow remote authenticated users to gain elevated privileges.

How do I fix CVE-2017-8386?

To fix CVE-2017-8386, update your git installation to a version greater than or equal to the latest patched version, based on your distribution.

Which versions of git are affected by CVE-2017-8386?

CVE-2017-8386 affects git versions before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, and several other versions before their respective patched releases.

What systems are impacted by CVE-2017-8386?

CVE-2017-8386 can impact systems running affected versions of git across various distributions, including Debian, Ubuntu, and Fedora.

Can CVE-2017-8386 be exploited remotely?

Yes, CVE-2017-8386 can be exploited by remote authenticated users through specific repository names.

Vulnerability/
CVE-2017-8386

high

8.8

12/5/2017

1/6/2017

5/8/2024

CVE-2017-8386

First published: Fri May 12 2017(Updated: )

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/git	<2.4.12	2.4.12
redhat/git	<2.5.6	2.5.6
redhat/git	<2.6.7	2.6.7
redhat/git	<2.7.5	2.7.5
redhat/git	<2.8.5	2.8.5
redhat/git	<2.9.4	2.9.4
redhat/git	<2.10.3	2.10.3
redhat/git	<2.11.2	2.11.2
redhat/git	<2.12.3	2.12.3
Git Git-shell
openSUSE	=42.1
Debian	=8.0
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=16.10
Ubuntu	=17.04
Fedora	=24
Fedora	=25
Fedora	=26

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-8386?
CVE-2017-8386 has been classified as a medium-level vulnerability that can allow remote authenticated users to gain elevated privileges.
How do I fix CVE-2017-8386?
To fix CVE-2017-8386, update your git installation to a version greater than or equal to the latest patched version, based on your distribution.
Which versions of git are affected by CVE-2017-8386?
CVE-2017-8386 affects git versions before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, and several other versions before their respective patched releases.
What systems are impacted by CVE-2017-8386?
CVE-2017-8386 can impact systems running affected versions of git across various distributions, including Debian, Ubuntu, and Fedora.
Can CVE-2017-8386 be exploited remotely?
Yes, CVE-2017-8386 can be exploited by remote authenticated users through specific repository names.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-8386
agent/software-canonical-lookup
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/git
canonical/git git-shell
vendor/opensuse
canonical/opensuse
version/opensuse/42.1
vendor/debian
canonical/debian
version/debian/8.0
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/16.10
version/ubuntu/17.04
vendor/fedoraproject
canonical/fedora
version/fedora/24
version/fedora/25
version/fedora/26