What is the severity of REDHAT-BUG-2168160?

The severity of REDHAT-BUG-2168160 is categorized as moderate.

How do I fix REDHAT-BUG-2168160?

To fix REDHAT-BUG-2168160, update Git to the latest version provided by your distribution.

What are the potential risks associated with REDHAT-BUG-2168160?

The risks associated with REDHAT-BUG-2168160 include unauthorized access to repositories due to improper handling of symbolic links.

Which versions of Git are affected by REDHAT-BUG-2168160?

Currently, REDHAT-BUG-2168160 affects multiple versions of Git prior to the patch release.

Is mitigation available for REDHAT-BUG-2168160?

Yes, applying the latest security updates provided by your Linux distribution will mitigate this vulnerability.

Vulnerability/
REDHAT-BUG-2168160

medium

8/2/2023

24/1/2024

REDHAT-BUG-2168160

First published: Wed Feb 08 2023(Updated: )

Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., <a href="https://access.redhat.com/security/cve/CVE-2022-39253">CVE-2022-39253</a>), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as <a href="https://access.redhat.com/security/cve/CVE-2022-39253">CVE-2022-39253</a>.

Affected Software	Affected Version	How to fix
Git

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2168160?
The severity of REDHAT-BUG-2168160 is categorized as moderate.
How do I fix REDHAT-BUG-2168160?
To fix REDHAT-BUG-2168160, update Git to the latest version provided by your distribution.
What are the potential risks associated with REDHAT-BUG-2168160?
The risks associated with REDHAT-BUG-2168160 include unauthorized access to repositories due to improper handling of symbolic links.
Which versions of Git are affected by REDHAT-BUG-2168160?
Currently, REDHAT-BUG-2168160 affects multiple versions of Git prior to the patch release.
Is mitigation available for REDHAT-BUG-2168160?
Yes, applying the latest security updates provided by your Linux distribution will mitigate this vulnerability.

agent/type
agent/first-publish-date
agent/description
agent/severity
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-22490
agent/references
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/git
canonical/git

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.