CVE-2024-22190 - Vulnerability Details - OpenCVE

GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitpython Project	Gitpython

Configuration 1 [-]

cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*

No data.

References

Link	Providers
https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f
https://github.com/gitpython-developers/GitPython/pull/1792
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T01:23:17.944Z

Updated: 2024-09-03T18:23:46.612Z

Reserved: 2024-01-08T04:59:27.370Z

Link: CVE-2024-22190

Vulnrichment

Updated: 2024-08-01T22:35:34.932Z

NVD

Status : Modified

Published: 2024-01-11T02:15:48.250

Modified: 2024-11-21T08:55:45.660

Link: CVE-2024-22190

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22190", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.370Z", "datePublished": "2024-01-11T01:23:17.944Z", "dateUpdated": "2024-09-03T18:23:46.612Z"}, "containers": {"cna": {"title": "Untrusted search path under some conditions on Windows allows arbitrary code execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "lang": "en", "description": "CWE-426: Untrusted Search Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}, {"name": "https://github.com/gitpython-developers/GitPython/pull/1792", "tags": ["x_refsource_MISC"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"name": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "tags": ["x_refsource_MISC"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}], "affected": [{"vendor": "gitpython-developers", "product": "GitPython", "versions": [{"version": "< 3.1.41", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T01:23:17.944Z"}, "descriptions": [{"lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."}], "source": {"advisory": "GHSA-2mqj-m65w-jghx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.932Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}, {"name": "https://github.com/gitpython-developers/GitPython/pull/1792", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"name": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-25T18:06:43.044544Z", "id": "CVE-2024-22190", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:23:46.612Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/gitpython-developers/GitPython/pull/1792", "name": "https://github.com/gitpython-developers/GitPython/pull/1792", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "name": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.932Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22190", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-25T18:06:43.044544Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:23:39.799Z"}}], "cna": {"title": "Untrusted search path under some conditions on Windows allows arbitrary code execution", "source": {"advisory": "GHSA-2mqj-m65w-jghx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "gitpython-developers", "product": "GitPython", "versions": [{"status": "affected", "version": "< 3.1.41"}]}], "references": [{"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "name": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gitpython-developers/GitPython/pull/1792", "name": "https://github.com/gitpython-developers/GitPython/pull/1792", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "name": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T01:23:17.944Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22190", "state": "PUBLISHED", "dateUpdated": "2024-09-03T18:23:46.612Z", "dateReserved": "2024-01-08T04:59:27.370Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-11T01:23:17.944Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*", "matchCriteriaId": "3EFC0264-B10D-4EAA-B78B-FDDEE26A4B8A", "versionEndExcluding": "3.1.41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."}, {"lang": "es", "value": "GitPython es una librer\u00eda de Python que se utiliza para interactuar con los repositorios de Git. Existe una soluci\u00f3n incompleta para CVE-2023-40590. En Windows, GitPython usa una ruta de b\u00fasqueda que no es de confianza si usa un shell para ejecutar `git`, as\u00ed como cuando ejecuta `bash.exe` para interpretar ganchos. Si cualquiera de esas funciones se utiliza en Windows, se puede ejecutar un `git.exe` o `bash.exe` malicioso desde un repositorio que no es de confianza. Este problema se solucion\u00f3 en la versi\u00f3n 3.1.41."}], "id": "CVE-2024-22190", "lastModified": "2024-11-21T08:55:45.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-11T02:15:48.250", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/pull/1792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "security-advisories@github.com", "type": "Secondary"}]}