CVE-2022-24975

ADVISORY - nist

Summary

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

EPSS Score⁠: 0.00581 (0.679)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-668⁠

Exposure of Resource to Wrong Sphere

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.