- Vulnerability/
- USN-7207-1
14/1/2025
USN-7207-1: Git vulnerabilities
First published: Tue Jan 14 2025(Updated: )
It was discovered that Git incorrectly handled certain URLs when asking for credentials. An attacker could possibly use this issue to mislead the user into typing passwords for trusted sites that would then be sent to untrusted sites instead. (CVE-2024-50349) It was discovered that git incorrectly handled line endings when using credential helpers. (CVE-2024-52006)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/git | <1:2.45.2-1ubuntu1.1 | 1:2.45.2-1ubuntu1.1 |
| Ubuntu Ubuntu | =24.10 | |
| All of | ||
| ubuntu/git | <1:2.43.0-1ubuntu7.2 | 1:2.43.0-1ubuntu7.2 |
| Ubuntu Ubuntu | =24.04 | |
| All of | ||
| ubuntu/git | <1:2.34.1-1ubuntu1.12 | 1:2.34.1-1ubuntu1.12 |
| Ubuntu Ubuntu | =22.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2024-52006
- https://ubuntu.com/security/CVE-2024-50349
- https://launchpad.net/ubuntu/+source/git/1:2.45.2-1ubuntu1.1
- https://launchpad.net/ubuntu/+source/git/1:2.43.0-1ubuntu7.2
- https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.12
- https://ubuntu.com/security/notices/USN-7207-1 (Advisory)
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/type
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- agent/source
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/24.10
- version/ubuntu ubuntu/24.04
- version/ubuntu ubuntu/22.04