CVE-2022-24975

ADVISORY - nist

Summary

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

EPSS Score⁠: 0.00168 (0.542)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-668⁠

Exposure of Resource to Wrong Sphere

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2022-24975⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Debian

CREATED

3 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2022-24975⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

3 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2022-24975⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

Red Hat

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2022-24975⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5low

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2022-24975⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY