The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.
Exposure of Resource to Wrong Sphere
Exposure of Sensitive Information to an Unauthorized Actor
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/git | deb | debian | 12 | >=1:2.39.2-1.1 | Not yet available |
| debian/git | deb | debian | unstable | >=1:2.43.0-1 | Not yet available |
| debian/git | deb | debian | 13 | >=1:2.43.0-1 | Not yet available |
| debian/git | deb | debian | 10 | >=1:2.20.1-2+deb10u3 | Not yet available |
| debian/git | deb | debian | 11 | >=1:2.30.2-1+deb11u2 | Not yet available |
Severity and metrics
No CVSS data available from this source.
3.9
3.9
3.9
-
-