Vulnerabilities > CVE-2020-11008 - Insufficiently Protected Credentials vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.

Vulnerable Configurations

Part Description Count
Application
Git-Scm
797
OS
Debian
1
OS
Canonical
3
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
  • Lifting credential(s)/key material embedded in client distributions (thick or thin)
    An attacker examines a target application's code or configuration files to find credential or key material that has been embedded within the application or its files. Many services require authentication with their users for the various purposes including billing, access control or attribution. Some client applications store the user's authentication credentials or keys to accelerate the login process. Some clients may have built-in keys or credentials (in which case the server is authenticating with the client, rather than the user). If the attacker is able to locate where this information is stored, they may be able to retrieve these credentials. The attacker could then use these stolen credentials to impersonate the user or client, respectively, in interactions with the service or use stolen keys to eavesdrop on nominally secure communications between the client and server.
  • Password Recovery Exploitation
    An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E84831158B8E11EABDCF001B217B3468.NASL
    descriptionGitlab reports : Path Traversal in NuGet Package Registry Workhorse Bypass Leads to File Disclosure OAuth Application Client Secrets Revealed Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes Code Owners Protection Not Enforced from Web UI Repository Mirror Passwords Exposed To Maintainers Admin Audit Log Page Denial of Service Private Project ID Revealed Through Group API Elasticsearch Credentials Logged to ELK GitHub Personal Access Token Exposed on Integrations Page Update Nokogiri dependency Update OpenSSL Dependency Update git
    last seen2020-05-15
    modified2020-05-04
    plugin id136304
    published2020-05-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136304
    titleFreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136304);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");
    
      script_cve_id("CVE-2020-10187", "CVE-2020-11008", "CVE-2020-12448", "CVE-2020-1967", "CVE-2020-7595");
      script_xref(name:"IAVA", value:"2020-A-0186");
    
      script_name(english:"FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Gitlab reports :
    
    Path Traversal in NuGet Package Registry
    
    Workhorse Bypass Leads to File Disclosure
    
    OAuth Application Client Secrets Revealed
    
    Code Owners Approval Rules Are Not Updated for Existing Merge Requests
    When Source Branch Changes
    
    Code Owners Protection Not Enforced from Web UI
    
    Repository Mirror Passwords Exposed To Maintainers
    
    Admin Audit Log Page Denial of Service
    
    Private Project ID Revealed Through Group API
    
    Elasticsearch Credentials Logged to ELK
    
    GitHub Personal Access Token Exposed on Integrations Page
    
    Update Nokogiri dependency
    
    Update OpenSSL Dependency
    
    Update git"
      );
      # https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dac5e06d"
      );
      # https://vuxml.freebsd.org/freebsd/e8483115-8b8e-11ea-bdcf-001b217b3468.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a57444f0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12448");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gitlab-ce");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=12.10.0<12.10.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=12.9.0<12.9.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=8.4.0<12.8.10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_67765237847011EAA283B42E99A1B9C3.NASL
    descriptiongit security advisory reports : Git uses external
    last seen2020-06-10
    modified2020-06-05
    plugin id137167
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137167
    titleFreeBSD : malicious URLs can cause git to send a stored credential to wrong server (67765237-8470-11ea-a283-b42e99a1b9c3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137167);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");
    
      script_cve_id("CVE-2020-11008");
    
      script_name(english:"FreeBSD : malicious URLs can cause git to send a stored credential to wrong server (67765237-8470-11ea-a283-b42e99a1b9c3)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "git security advisory reports :
    
    Git uses external 'credential helper' programs to store and retrieve
    passwords or other credentials from secure storage provided by the
    operating system. Specially crafted URLs that are considered illegal
    as of the recently published Git versions can cause Git to send a
    'blank' pattern to helpers, missing hostname and protocol fields. Many
    helpers will interpret this as matching any URL, and will return some
    unspecified stored password, leaking the password to an attacker's
    server."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7"
      );
      # https://vuxml.freebsd.org/freebsd/67765237-8470-11ea-a283-b42e99a1b9c3.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?29e88225"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:git-lite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"git>=2.26.0<2.26.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.25.0<2.25.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.24.0<2.24.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.23.0<2.23.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.22.0<2.22.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.21.0<2.21.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.20.0<2.20.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.19.0<2.19.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=2.18.0<2.18.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git>=0<2.17.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.26.0<2.26.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.25.0<2.25.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.24.0<2.24.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.23.0<2.23.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.22.0<2.22.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.21.0<2.21.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.20.0<2.20.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.19.0<2.19.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=2.18.0<2.18.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-lite>=0<2.17.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.26.0<2.26.2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.25.0<2.25.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.24.0<2.24.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.23.0<2.23.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.22.0<2.22.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.21.0<2.21.3")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.20.0<2.20.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.19.0<2.19.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=2.18.0<2.18.4")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"git-gui>=0<2.17.5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1121-1.NASL
    descriptionThis update for git fixes the following issues : Security issues fixed : CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker
    last seen2020-05-06
    modified2020-04-29
    plugin id136074
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136074
    titleSUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:1121-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136074);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
    CVE-2020-11008: Specially crafted URLs may have tricked the
    credentials helper to providing credential information that is not
    appropriate for the protocol in use and host being contacted
    (bsc#1169936)
    
    git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
    
    Fix git-daemon not starting after conversion from sysvinit to systemd
    service (bsc#1169605).
    
    CVE-2020-5260: Specially crafted URLs with newline characters could
    have been used to make the Git client to send credential information
    for a wrong host to the attacker's site bsc#1168930
    
    git 2.26.0 (bsc#1167890, jsc#SLE-11608) :
    
    'git rebase' now uses a different backend that is based on the 'merge'
    machinery by default. The 'rebase.backend' configuration variable
    reverts to old behaviour when set to 'apply'
    
    Improved handling of sparse checkouts
    
    Improvements to many commands and internal features
    
    git 2.25.2 :
    
    bug fixes to various subcommands in specific operations
    
    git 2.25.1 :
    
    'git commit' now honors advise.statusHints
    
    various updates, bug fixes and documentation updates
    
    git 2.25.0
    
    The branch description ('git branch --edit-description') has been used
    to fill the body of the cover letters by the format-patch command;
    this has been enhanced so that the subject can also be filled.
    
    A few commands learned to take the pathspec from the standard input or
    a named file, instead of taking it as the command line arguments, with
    the '--pathspec-from-file' option.
    
    Test updates to prepare for SHA-2 transition continues.
    
    Redo 'git name-rev' to avoid recursive calls.
    
    When all files from some subdirectory were renamed to the root
    directory, the directory rename heuristics would fail to detect that
    as a rename/merge of the subdirectory to the root directory, which has
    been corrected.
    
    HTTP transport had possible allocator/deallocator mismatch, which has
    been corrected.
    
    git 2.24.1 :
    
    CVE-2019-1348: The --export-marks option of fast-import is exposed
    also via the in-stream command feature export-marks=... and it allows
    overwriting arbitrary paths (bsc#1158785)
    
    CVE-2019-1349: on Windows, when submodules are cloned recursively,
    under certain circumstances Git could be fooled into using the same
    Git directory twice (bsc#1158787)
    
    CVE-2019-1350: Incorrect quoting of command-line arguments allowed
    remote code execution during a recursive clone in conjunction with SSH
    URLs (bsc#1158788)
    
    CVE-2019-1351: on Windows mistakes drive letters outside of the
    US-English alphabet as relative paths (bsc#1158789)
    
    CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams
    (bsc#1158790)
    
    CVE-2019-1353: when run in the Windows Subsystem for Linux while
    accessing a working directory on a regular Windows drive, none of the
    NTFS protections were active (bsc#1158791)
    
    CVE-2019-1354: on Windows refuses to write tracked files with
    filenames that contain backslashes (bsc#1158792)
    
    CVE-2019-1387: Recursive clones vulnerability that is caused by
    too-lax validation of submodule names, allowing very targeted attacks
    via remote code execution in recursive clones (bsc#1158793)
    
    CVE-2019-19604: a recursive clone followed by a submodule update could
    execute code contained within the repository without the user
    explicitly having asked for that (bsc#1158795)
    
    git 2.24.0
    
    The command line parser learned '--end-of-options' notation.
    
    A mechanism to affect the default setting for a (related) group of
    configuration variables is introduced.
    
    'git fetch' learned '--set-upstream' option to help those who first
    clone from their private fork they intend to push to, add the true
    upstream via 'git remote add' and then 'git fetch' from it.
    
    fixes and improvements to UI, workflow and features, bash completion
    fixes
    
    git 2.23.0 :
    
    The '--base' option of 'format-patch' computed the patch-ids for
    prerequisite patches in an unstable way, which has been updated to
    compute in a way that is compatible with 'git patch-id
    
    --stable'.
    
    The 'git log' command by default behaves as if the --mailmap option
    was given.
    
    fixes and improvements to UI, workflow and features
    
    git 2.22.1
    
    A relative pathname given to 'git init --template=<path> <repo>' ought
    to be relative to the directory 'git init' gets invoked in, but it
    instead was made relative to the repository, which has been corrected.
    </repo></path>
    
    'git worktree add' used to fail when another worktree connected to the
    same repository was corrupt, which has been corrected.
    
    'git am -i --resolved' segfaulted after trying to see a commit as if
    it were a tree, which has been corrected.
    
    'git merge --squash' is designed to update the working tree and the
    index without creating the commit, and this cannot be countermanded by
    adding the '--commit' option; the command now refuses to work when
    both options are given.
    
    Update to Unicode 12.1 width table.
    
    'git request-pull' learned to warn when the ref we ask them to pull
    from in the local repository and in the published repository are
    different.
    
    'git fetch' into a lazy clone forgot to fetch base objects that are
    necessary to complete delta in a thin packfile, which has been
    corrected.
    
    The URL decoding code has been updated to avoid going past the end of
    the string while parsing %-<hex>-<hex> sequence. </hex></hex>
    
    'git clean' silently skipped a path when it cannot lstat() it; now it
    gives a warning.
    
    'git rm' to resolve a conflicted path leaked an internal message
    'needs merge' before actually removing the path, which was confusing.
    This has been corrected.
    
    Many more bugfixes and code cleanups.
    
    removal of SuSEfirewall2 service, since SuSEfirewall2 has been
    replaced by firewalld.
    
    partial fix for git instaweb giving 500 error (bsc#1112230)
    
    git 2.22.0
    
    The filter specification '--filter=sparse:path=<path>' used to create
    a lazy/partial clone has been removed. Using a blob that is part of
    the project as sparse specification is still supported with the
    '--filter=sparse:oid=<blob>' option </blob></path>
    
    'git checkout --no-overlay' can be used to trigger a new mode of
    checking out paths out of the tree-ish, that allows paths that match
    the pathspec that are in the current index and working tree and are
    not in the tree-ish.
    
    Four new configuration variables {author,committer}.{name,email} have
    been introduced to override user.{name,email} in more specific cases.
    
    'git branch' learned a new subcommand '--show-current'.
    
    The command line completion (in contrib/) has been taught to complete
    more subcommand parameters.
    
    The completion helper code now pays attention to repository-local
    configuration (when available), which allows --list-cmds to honour a
    repository specific setting of completion.commands, for example.
    
    The list of conflicted paths shown in the editor while concluding a
    conflicted merge was shown above the scissors line when the clean-up
    mode is set to 'scissors', even though it was commented out just like
    the list of updated paths and other information to help the user
    explain the merge better.
    
    'git rebase' that was reimplemented in C did not set ORIG_HEAD
    correctly, which has been corrected.
    
    'git worktree add' used to do a 'find an available name with stat and
    then mkdir', which is race-prone. This has been fixed by using mkdir
    and reacting to EEXIST in a loop.
    
    Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy
    DocBook 4.5 format.
    
    update git-web AppArmor profile for bash and tar usrMerge
    (bsc#1132350)
    
    git 2.21.0
    
    Historically, the '-m' (mainline) option can only be used for 'git
    cherry-pick' and 'git revert' when working with a merge commit. This
    version of Git no longer warns or errors out when working with a
    single-parent commit, as long as the argument to the '-m' option is 1
    (i.e. it has only one parent, and the request is to pick or revert
    relative to that first parent). Scripts that relied on the behaviour
    may get broken with this change.
    
    Small fixes and features for fast-export and fast-import.
    
    The 'http.version' configuration variable can be used with recent
    enough versions of cURL library to force the version of HTTP used to
    talk when fetching and pushing.
    
    'git push $there $src:$dst' rejects when $dst is not a fully qualified
    refname and it is not clear what the end user meant.
    
    Update 'git multimail' from the upstream.
    
    A new date format '--date=human' that morphs its output depending on
    how far the time is from the current time has been introduced.
    '--date=auto:human' can be used to use this new format (or any
    existing format) when the output is going to the pager or to the
    terminal, and otherwise the default format.
    
    Fix worktree creation race (bsc#1114225).
    
    add shadow build dependency to the -daemon subpackage.
    
    git 2.20.1 :
    
    portability fixes
    
    'git help -a' did not work well when an overly long alias was defined
    
    no longer squelched an error message when the run_command API failed
    to run a missing command
    
    git 2.20.0
    
    'git help -a' now gives verbose output (same as 'git help -av'). Those
    who want the old output may say 'git help --no-verbose -a'..
    
    'git send-email' learned to grab address-looking string on any trailer
    whose name ends with '-by'.
    
    'git format-patch' learned new '--interdiff' and '--range-diff'
    options to explain the difference between this version and the
    previous attempt in the cover letter (or after the three-dashes as a
    comment).
    
    Developer builds now use -Wunused-function compilation option.
    
    Fix a bug in which the same path could be registered under multiple
    worktree entries if the path was missing (for instance, was removed
    manually). Also, as a convenience, expand the number of cases in which
    
    --force is applicable.
    
    The overly large Documentation/config.txt file have been split into
    million little pieces. This potentially allows each individual piece
    to be included into the manual page of the command it affects more
    easily.
    
    Malformed or crafted data in packstream can make our code attempt to
    read or write past the allocated buffer and abort, instead of
    reporting an error, which has been fixed.
    
    Fix for a long-standing bug that leaves the index file corrupt when it
    shrinks during a partial commit.
    
    'git merge' and 'git pull' that merges into an unborn branch used to
    completely ignore '--verify-signatures', which has been corrected.
    
    ...and much more features and fixes
    
    git 2.19.2 :
    
    various bug fixes for multiple subcommands and operations
    
    git 2.19.1 :
    
    CVE-2018-17456: Specially crafted .gitmodules files may have allowed
    arbitrary code execution when the repository is cloned with
    
    --recurse-submodules (bsc#1110949)
    
    git 2.19.0 :
    
    'git diff' compares the index and the working tree. For paths added
    with intent-to-add bit, the command shows the full contents of them as
    added, but the paths themselves were not marked as new files. They are
    now shown as new by default.
    
    'git apply' learned the '--intent-to-add' option so that an otherwise
    working-tree-only application of a patch will add new paths to the
    index marked with the 'intent-to-add' bit.
    
    'git grep' learned the '--column' option that gives not just the line
    number but the column number of the hit.
    
    The '-l' option in 'git branch -l' is an unfortunate short-hand for
    '--create-reflog', but many users, both old and new, somehow expect it
    to be something else, perhaps '--list'. This step warns when '-l' is
    used as a short-hand for '--create-reflog' and warns about the future
    repurposing of the it when it is used.
    
    The userdiff pattern for .php has been updated.
    
    The content-transfer-encoding of the message 'git send-email' sends
    out by default was 8bit, which can cause trouble when there is an
    overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
    automatically switch to quoted-printable when there is such a line in
    the payload has been introduced and is made the default.
    
    'git checkout' and 'git worktree add' learned to honor
    checkout.defaultRemote when auto-vivifying a local branch out of a
    remote tracking branch in a repository with multiple remotes that have
    tracking branches that share the same names. (merge 8d7b558bae
    ab/checkout-default-remote later to maint).
    
    'git grep' learned the '--only-matching' option.
    
    'git rebase --rebase-merges' mode now handles octopus merges as well.
    
    Add a server-side knob to skip commits in exponential/fibbonacci
    stride in an attempt to cover wider swath of history with a smaller
    number of iterations, potentially accepting a larger packfile
    transfer, instead of going back one commit a time during common
    ancestor discovery during the 'git fetch' transaction. (merge
    42cc7485a2 jt/fetch-negotiator-skipping later to maint).
    
    A new configuration variable core.usereplacerefs has been added,
    primarily to help server installations that want to ignore the replace
    mechanism altogether.
    
    Teach 'git tag -s' etc. a few configuration variables (gpg.format that
    can be set to 'openpgp' or 'x509', and gpg.<format>.program that is
    used to specify what program to use to deal with the format) to allow
    x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via
    'gnupg'. </format>
    
    Many more strings are prepared for l10n.
    
    'git p4 submit' learns to ask its own pre-submit hook if it should
    continue with submitting.
    
    The test performed at the receiving end of 'git push' to prevent bad
    objects from entering repository can be customized via receive.fsck.*
    configuration variables; we now have gained a counterpart to do the
    same on the 'git fetch' side, with fetch.fsck.* configuration
    variables.
    
    'git pull --rebase=interactive' learned 'i' as a short-hand for
    'interactive'.
    
    'git instaweb' has been adjusted to run better with newer Apache on
    RedHat based distros.
    
    'git range-diff' is a reimplementation of 'git tbdiff' that lets us
    compare individual patches in two iterations of a topic.
    
    The sideband code learned to optionally paint selected keywords at the
    beginning of incoming lines on the receiving end.
    
    'git branch --list' learned to take the default sort order from the
    'branch.sort' configuration variable, just like 'git tag --list' pays
    attention to 'tag.sort'.
    
    'git worktree' command learned '--quiet' option to make it less
    verbose.
    
    git 2.18.0 :
    
    improvements to rename detection logic
    
    When built with more recent cURL, GIT_SSL_VERSION can now specify
    'tlsv1.3' as its value.
    
    'git mergetools' learned talking to guiffy.
    
    various other workflow improvements and fixes
    
    performance improvements and other developer visible fixes
    
    git 2.17.1
    
    Submodule 'names' come from the untrusted .gitmodules file, but we
    blindly append them to $GIT_DIR/modules to create our on-disk repo
    paths. This means you can do bad things by putting '../' into the
    name. We now enforce some rules for submodule names which will cause
    Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)
    
    It was possible to trick the code that sanity-checks paths on NTFS
    into reading random piece of memory (CVE-2018-11233, bsc#1095218)
    
    Support on the server side to reject pushes to repositories that
    attempt to create such problematic .gitmodules file etc. as tracked
    contents, to help hosting sites protect their customers by preventing
    malicious contents from spreading.
    
    git 2.17.0 :
    
    'diff' family of commands learned '--find-object=<object-id>' option
    to limit the findings to changes that involve the named object.
    </object-id>
    
    'git format-patch' learned to give 72-cols to diffstat, which is
    consistent with other line length limits the subcommand uses for its
    output meant for e-mails.
    
    The log from 'git daemon' can be redirected with a new option; one
    relevant use case is to send the log to standard error (instead of
    syslog) when running it from inetd.
    
    'git rebase' learned to take '--allow-empty-message' option.
    
    'git am' has learned the '--quit' option, in addition to the existing
    '--abort' option; having the pair mirrors a few other commands like
    'rebase' and 'cherry-pick'.
    
    'git worktree add' learned to run the post-checkout hook, just like
    'git clone' runs it upon the initial checkout.
    
    'git tag' learned an explicit '--edit' option that allows the message
    given via '-m' and '-F' to be further edited.
    
    'git fetch --prune-tags' may be used as a handy short-hand for getting
    rid of stale tags that are locally held.
    
    The new '--show-current-patch' option gives an end-user facing way to
    get the diff being applied when 'git rebase' (and 'git am') stops with
    a conflict.
    
    'git add -p' used to offer '/' (look for a matching hunk) as a choice,
    even there was only one hunk, which has been corrected. Also the
    single-key help is now given only for keys that are enabled (e.g. help
    for '/' won't be shown when there is only one hunk).
    
    Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the
    side branch being merged is a descendant of the current commit, create
    a merge commit instead of fast-forwarding) when merging a tag object.
    This was appropriate default for integrators who pull signed tags from
    their downstream contributors, but caused an unnecessary merges when
    used by downstream contributors who habitually 'catch up' their topic
    branches with tagged releases from the upstream. Update 'git merge' to
    default to --no-ff only when merging a tag object that does *not* sit
    at its usual place in refs/tags/ hierarchy, and allow fast-forwarding
    otherwise, to mitigate the problem.
    
    'git status' can spend a lot of cycles to compute the relation between
    the current branch and its upstream, which can now be disabled with
    '--no-ahead-behind' option.
    
    'git diff' and friends learned funcname patterns for Go language
    source files.
    
    'git send-email' learned '--reply-to=<address>' option. </address>
    
    Funcname pattern used for C# now recognizes 'async' keyword.
    
    In a way similar to how 'git tag' learned to honor the pager setting
    only in the list mode, 'git config' learned to ignore the pager
    setting when it is used for setting values (i.e. when the purpose of
    the operation is not to 'show').
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1167890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1168930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15298/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-11233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-11235/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-17456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1349/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1350/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1351/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1354/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1387/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19604/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-11008/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-5260/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?47879213"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121=1
    
    SUSE Linux Enterprise Module for Development Tools 15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-15-SP1-2020-1121=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1121=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2182.NASL
    descriptionCarlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. For Debian 8
    last seen2020-05-06
    modified2020-04-24
    plugin id135939
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135939
    titleDebian DLA-2182-1 : git security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2182-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135939);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id("CVE-2020-11008");
    
      script_name(english:"Debian DLA-2182-1 : git security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Carlo Arenas discovered a flaw in git, a fast, scalable, distributed
    revision control system. With a crafted URL that contains a newline or
    empty host, or lacks a scheme, the credential helper machinery can be
    fooled into providing credential information that is not appropriate
    for the protocol in use and host being contacted.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    1:2.1.4-2.1+deb8u10.
    
    We recommend that you upgrade your git packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/git"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11008");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-daemon-run");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"git", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-all", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-arch", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-core", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-cvs", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-daemon-run", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-daemon-sysvinit", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-doc", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-el", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-email", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-gui", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-man", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-mediawiki", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"git-svn", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"gitk", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    if (deb_check(release:"8.0", prefix:"gitweb", reference:"1:2.1.4-2.1+deb8u10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4334-1.NASL
    descriptionCarlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-22
    plugin id135895
    published2020-04-22
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135895
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : git vulnerability (USN-4334-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4334-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135895);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id("CVE-2020-11008");
      script_xref(name:"USN", value:"4334-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : git vulnerability (USN-4334-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Carlo Arenas discovered that Git incorrectly handled certain URLs
    containing newlines, empty hosts, or lacking a scheme. A remote
    attacker could possibly use this issue to trick Git into returning
    credential information for a wrong host.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4334-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11008");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"git", pkgver:"1:2.7.4-0ubuntu1.9")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"git", pkgver:"1:2.17.1-1ubuntu0.7")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"git", pkgver:"1:2.20.1-2ubuntu1.19.10.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-598.NASL
    descriptionThis update for git fixes the following issues : Security issues fixed : - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker
    last seen2020-05-08
    modified2020-05-04
    plugin id136311
    published2020-05-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136311
    titleopenSUSE Security Update : git (openSUSE-2020-598)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-598.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136311);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260");
    
      script_name(english:"openSUSE Security Update : git (openSUSE-2020-598)");
      script_summary(english:"Check for the openSUSE-2020-598 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2020-11008: Specially crafted URLs may have tricked
        the credentials helper to providing credential
        information that is not appropriate for the protocol in
        use and host being contacted (bsc#1169936)
    
    git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
    
      - Fix git-daemon not starting after conversion from
        sysvinit to systemd service (bsc#1169605).
    
      - CVE-2020-5260: Specially crafted URLs with newline
        characters could have been used to make the Git client
        to send credential information for a wrong host to the
        attacker's site bsc#1168930
    
    git 2.26.0 (bsc#1167890, jsc#SLE-11608) :
    
      - 'git rebase' now uses a different backend that is based
        on the 'merge' machinery by default. The
        'rebase.backend' configuration variable reverts to old
        behaviour when set to 'apply'
    
      - Improved handling of sparse checkouts
    
      - Improvements to many commands and internal features
    
    git 2.25.2 :
    
      - bug fixes to various subcommands in specific operations
    
    git 2.25.1 :
    
      - 'git commit' now honors advise.statusHints
    
      - various updates, bug fixes and documentation updates
    
    git 2.25.0
    
      - The branch description ('git branch --edit-description')
        has been used to fill the body of the cover letters by
        the format-patch command; this has been enhanced so that
        the subject can also be filled.
    
      - A few commands learned to take the pathspec from the
        standard input or a named file, instead of taking it as
        the command line arguments, with the
        '--pathspec-from-file' option.
    
      - Test updates to prepare for SHA-2 transition continues.
    
      - Redo 'git name-rev' to avoid recursive calls.
    
      - When all files from some subdirectory were renamed to
        the root directory, the directory rename heuristics
        would fail to detect that as a rename/merge of the
        subdirectory to the root directory, which has been
        corrected.
    
      - HTTP transport had possible allocator/deallocator
        mismatch, which has been corrected.
    
    git 2.24.1 :
    
      - CVE-2019-1348: The --export-marks option of fast-import
        is exposed also via the in-stream command feature
        export-marks=... and it allows overwriting arbitrary
        paths (bsc#1158785)
    
      - CVE-2019-1349: on Windows, when submodules are cloned
        recursively, under certain circumstances Git could be
        fooled into using the same Git directory twice
        (bsc#1158787)
    
      - CVE-2019-1350: Incorrect quoting of command-line
        arguments allowed remote code execution during a
        recursive clone in conjunction with SSH URLs
        (bsc#1158788)
    
      - CVE-2019-1351: on Windows mistakes drive letters outside
        of the US-English alphabet as relative paths
        (bsc#1158789)
    
      - CVE-2019-1352: on Windows was unaware of NTFS Alternate
        Data Streams (bsc#1158790)
    
      - CVE-2019-1353: when run in the Windows Subsystem for
        Linux while accessing a working directory on a regular
        Windows drive, none of the NTFS protections were active
        (bsc#1158791)
    
      - CVE-2019-1354: on Windows refuses to write tracked files
        with filenames that contain backslashes (bsc#1158792)
    
      - CVE-2019-1387: Recursive clones vulnerability that is
        caused by too-lax validation of submodule names,
        allowing very targeted attacks via remote code execution
        in recursive clones (bsc#1158793)
    
      - CVE-2019-19604: a recursive clone followed by a
        submodule update could execute code contained within the
        repository without the user explicitly having asked for
        that (bsc#1158795)
    
    git 2.24.0
    
      - The command line parser learned '--end-of-options'
        notation.
    
      - A mechanism to affect the default setting for a
        (related) group of configuration variables is
        introduced.
    
      - 'git fetch' learned '--set-upstream' option to help
        those who first clone from their private fork they
        intend to push to, add the true upstream via 'git remote
        add' and then 'git fetch' from it.
    
      - fixes and improvements to UI, workflow and features,
        bash completion fixes
    
    git 2.23.0 :
    
      - The '--base' option of 'format-patch' computed the
        patch-ids for prerequisite patches in an unstable way,
        which has been updated to compute in a way that is
        compatible with 'git patch-id
    
        --stable'.
    
      - The 'git log' command by default behaves as if the
        --mailmap option was given.
    
      - fixes and improvements to UI, workflow and features
    
    git 2.22.1
    
      - A relative pathname given to 'git init --template=<path>
        <repo>' ought to be relative to the directory 'git init'
        gets invoked in, but it instead was made relative to the
        repository, which has been corrected.
    
      - 'git worktree add' used to fail when another worktree
        connected to the same repository was corrupt, which has
        been corrected.
    
      - 'git am -i --resolved' segfaulted after trying to see a
        commit as if it were a tree, which has been corrected.
    
      - 'git merge --squash' is designed to update the working
        tree and the index without creating the commit, and this
        cannot be countermanded by adding the '--commit' option;
        the command now refuses to work when both options are
        given.
    
      - Update to Unicode 12.1 width table.
    
      - 'git request-pull' learned to warn when the ref we ask
        them to pull from in the local repository and in the
        published repository are different.
    
      - 'git fetch' into a lazy clone forgot to fetch base
        objects that are necessary to complete delta in a thin
        packfile, which has been corrected.
    
      - The URL decoding code has been updated to avoid going
        past the end of the string while parsing %-<hex>-<hex>
        sequence.
    
      - 'git clean' silently skipped a path when it cannot
        lstat() it; now it gives a warning.
    
      - 'git rm' to resolve a conflicted path leaked an internal
        message 'needs merge' before actually removing the path,
        which was confusing. This has been corrected.
    
      - Many more bugfixes and code cleanups.
    
      - removal of SuSEfirewall2 service, since SuSEfirewall2
        has been replaced by firewalld.
    
      - partial fix for git instaweb giving 500 error
        (bsc#1112230)
    
    git 2.22.0 
    
      - The filter specification '--filter=sparse:path=<path>'
        used to create a lazy/partial clone has been removed.
        Using a blob that is part of the project as sparse
        specification is still supported with the
        '--filter=sparse:oid=<blob>' option
    
      - 'git checkout --no-overlay' can be used to trigger a new
        mode of checking out paths out of the tree-ish, that
        allows paths that match the pathspec that are in the
        current index and working tree and are not in the
        tree-ish.
    
      - Four new configuration variables
        (author,committer).(name,email) have been introduced to
        override user.(name,email) in more specific cases.
    
      - 'git branch' learned a new subcommand '--show-current'.
    
      - The command line completion (in contrib/) has been
        taught to complete more subcommand parameters.
    
      - The completion helper code now pays attention to
        repository-local configuration (when available), which
        allows --list-cmds to honour a repository specific
        setting of completion.commands, for example.
    
      - The list of conflicted paths shown in the editor while
        concluding a conflicted merge was shown above the
        scissors line when the clean-up mode is set to
        'scissors', even though it was commented out just like
        the list of updated paths and other information to help
        the user explain the merge better.
    
      - 'git rebase' that was reimplemented in C did not set
        ORIG_HEAD correctly, which has been corrected.
    
      - 'git worktree add' used to do a 'find an available name
        with stat and then mkdir', which is race-prone. This has
        been fixed by using mkdir and reacting to EEXIST in a
        loop. 
    
      - Move to DocBook 5.x. Asciidoctor 2.x no longer supports
        the legacy DocBook 4.5 format.
    
      - update git-web AppArmor profile for bash and tar
        usrMerge (bsc#1132350)
    
    git 2.21.0
    
      - Historically, the '-m' (mainline) option can only be
        used for 'git cherry-pick' and 'git revert' when working
        with a merge commit. This version of Git no longer warns
        or errors out when working with a single-parent commit,
        as long as the argument to the '-m' option is 1 (i.e. it
        has only one parent, and the request is to pick or
        revert relative to that first parent). Scripts that
        relied on the behaviour may get broken with this change.
    
      - Small fixes and features for fast-export and
        fast-import.
    
      - The 'http.version' configuration variable can be used
        with recent enough versions of cURL library to force the
        version of HTTP used to talk when fetching and pushing.
    
      - 'git push $there $src:$dst' rejects when $dst is not a
        fully qualified refname and it is not clear what the end
        user meant.
    
      - Update 'git multimail' from the upstream.
    
      - A new date format '--date=human' that morphs its output
        depending on how far the time is from the current time
        has been introduced. '--date=auto:human' can be used to
        use this new format (or any existing format) when the
        output is going to the pager or to the terminal, and
        otherwise the default format.
    
      - Fix worktree creation race (bsc#1114225).
    
      - add shadow build dependency to the -daemon subpackage.
    
    git 2.20.1 :
    
      - portability fixes
    
      - 'git help -a' did not work well when an overly long
        alias was defined
    
      - no longer squelched an error message when the
        run_command API failed to run a missing command
    
    git 2.20.0
    
      - 'git help -a' now gives verbose output (same as 'git
        help -av'). Those who want the old output may say 'git
        help --no-verbose -a'..
    
      - 'git send-email' learned to grab address-looking string
        on any trailer whose name ends with '-by'.
    
      - 'git format-patch' learned new '--interdiff' and
        '--range-diff' options to explain the difference between
        this version and the previous attempt in the cover
        letter (or after the three-dashes as a comment).
    
      - Developer builds now use -Wunused-function compilation
        option.
    
      - Fix a bug in which the same path could be registered
        under multiple worktree entries if the path was missing
        (for instance, was removed manually). Also, as a
        convenience, expand the number of cases in which --force
        is applicable.
    
      - The overly large Documentation/config.txt file have been
        split into million little pieces. This potentially
        allows each individual piece to be included into the
        manual page of the command it affects more easily.
    
      - Malformed or crafted data in packstream can make our
        code attempt to read or write past the allocated buffer
        and abort, instead of reporting an error, which has been
        fixed.
    
      - Fix for a long-standing bug that leaves the index file
        corrupt when it shrinks during a partial commit.
    
      - 'git merge' and 'git pull' that merges into an unborn
        branch used to completely ignore '--verify-signatures',
        which has been corrected.
    
      - ...and much more features and fixes
    
    git 2.19.2 :
    
      - various bug fixes for multiple subcommands and
        operations
    
    git 2.19.1 :
    
      - CVE-2018-17456: Specially crafted .gitmodules files may
        have allowed arbitrary code execution when the
        repository is cloned with --recurse-submodules
        (bsc#1110949)
    
    git 2.19.0 :
    
      - 'git diff' compares the index and the working tree. For
        paths added with intent-to-add bit, the command shows
        the full contents of them as added, but the paths
        themselves were not marked as new files. They are now
        shown as new by default.
    
      - 'git apply' learned the '--intent-to-add' option so that
        an otherwise working-tree-only application of a patch
        will add new paths to the index marked with the
        'intent-to-add' bit.
    
      - 'git grep' learned the '--column' option that gives not
        just the line number but the column number of the hit.
    
      - The '-l' option in 'git branch -l' is an unfortunate
        short-hand for '--create-reflog', but many users, both
        old and new, somehow expect it to be something else,
        perhaps '--list'. This step warns when '-l' is used as a
        short-hand for '--create-reflog' and warns about the
        future repurposing of the it when it is used.
    
      - The userdiff pattern for .php has been updated.
    
      - The content-transfer-encoding of the message 'git
        send-email' sends out by default was 8bit, which can
        cause trouble when there is an overlong line to bust RFC
        5322/2822 limit. A new option 'auto' to automatically
        switch to quoted-printable when there is such a line in
        the payload has been introduced and is made the default.
    
      - 'git checkout' and 'git worktree add' learned to honor
        checkout.defaultRemote when auto-vivifying a local
        branch out of a remote tracking branch in a repository
        with multiple remotes that have tracking branches that
        share the same names. (merge 8d7b558bae
        ab/checkout-default-remote later to maint).
    
      - 'git grep' learned the '--only-matching' option.
    
      - 'git rebase --rebase-merges' mode now handles octopus
        merges as well.
    
      - Add a server-side knob to skip commits in
        exponential/fibbonacci stride in an attempt to cover
        wider swath of history with a smaller number of
        iterations, potentially accepting a larger packfile
        transfer, instead of going back one commit a time during
        common ancestor discovery during the 'git fetch'
        transaction. (merge 42cc7485a2
        jt/fetch-negotiator-skipping later to maint).
    
      - A new configuration variable core.usereplacerefs has
        been added, primarily to help server installations that
        want to ignore the replace mechanism altogether.
    
      - Teach 'git tag -s' etc. a few configuration variables
        (gpg.format that can be set to 'openpgp' or 'x509', and
        gpg.<format>.program that is used to specify what
        program to use to deal with the format) to allow x.509
        certs with CMS via 'gpgsm' to be used instead of openpgp
        via 'gnupg'.
    
      - Many more strings are prepared for l10n.
    
      - 'git p4 submit' learns to ask its own pre-submit hook if
        it should continue with submitting.
    
      - The test performed at the receiving end of 'git push' to
        prevent bad objects from entering repository can be
        customized via receive.fsck.* configuration variables;
        we now have gained a counterpart to do the same on the
        'git fetch' side, with fetch.fsck.* configuration
        variables.
    
      - 'git pull --rebase=interactive' learned 'i' as a
        short-hand for 'interactive'.
    
      - 'git instaweb' has been adjusted to run better with
        newer Apache on RedHat based distros.
    
      - 'git range-diff' is a reimplementation of 'git tbdiff'
        that lets us compare individual patches in two
        iterations of a topic.
    
      - The sideband code learned to optionally paint selected
        keywords at the beginning of incoming lines on the
        receiving end.
    
      - 'git branch --list' learned to take the default sort
        order from the 'branch.sort' configuration variable,
        just like 'git tag --list' pays attention to 'tag.sort'.
    
      - 'git worktree' command learned '--quiet' option to make
        it less verbose.
    
    git 2.18.0 :
    
      - improvements to rename detection logic
    
      - When built with more recent cURL, GIT_SSL_VERSION can
        now specify 'tlsv1.3' as its value.
    
      - 'git mergetools' learned talking to guiffy.
    
      - various other workflow improvements and fixes
    
      - performance improvements and other developer visible
        fixes
    
    git 2.17.1
    
      - Submodule 'names' come from the untrusted .gitmodules
        file, but we blindly append them to $GIT_DIR/modules to
        create our on-disk repo paths. This means you can do bad
        things by putting '../' into the name. We now enforce
        some rules for submodule names which will cause Git to
        ignore these malicious names (CVE-2018-11235,
        bsc#1095219)
    
      - It was possible to trick the code that sanity-checks
        paths on NTFS into reading random piece of memory
        (CVE-2018-11233, bsc#1095218)
    
      - Support on the server side to reject pushes to
        repositories that attempt to create such problematic
        .gitmodules file etc. as tracked contents, to help
        hosting sites protect their customers by preventing
        malicious contents from spreading.
    
    git 2.17.0 :
    
      - 'diff' family of commands learned
        '--find-object=<object-id>' option to limit the findings
        to changes that involve the named object.
    
      - 'git format-patch' learned to give 72-cols to diffstat,
        which is consistent with other line length limits the
        subcommand uses for its output meant for e-mails.
    
      - The log from 'git daemon' can be redirected with a new
        option; one relevant use case is to send the log to
        standard error (instead of syslog) when running it from
        inetd.
    
      - 'git rebase' learned to take '--allow-empty-message'
        option.
    
      - 'git am' has learned the '--quit' option, in addition to
        the existing '--abort' option; having the pair mirrors a
        few other commands like 'rebase' and 'cherry-pick'.
    
      - 'git worktree add' learned to run the post-checkout
        hook, just like 'git clone' runs it upon the initial
        checkout.
    
      - 'git tag' learned an explicit '--edit' option that
        allows the message given via '-m' and '-F' to be further
        edited.
    
      - 'git fetch --prune-tags' may be used as a handy
        short-hand for getting rid of stale tags that are
        locally held.
    
      - The new '--show-current-patch' option gives an end-user
        facing way to get the diff being applied when 'git
        rebase' (and 'git am') stops with a conflict.
    
      - 'git add -p' used to offer '/' (look for a matching
        hunk) as a choice, even there was only one hunk, which
        has been corrected. Also the single-key help is now
        given only for keys that are enabled (e.g. help for '/'
        won't be shown when there is only one hunk).
    
      - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.
        even when the side branch being merged is a descendant
        of the current commit, create a merge commit instead of
        fast-forwarding) when merging a tag object. This was
        appropriate default for integrators who pull signed tags
        from their downstream contributors, but caused an
        unnecessary merges when used by downstream contributors
        who habitually 'catch up' their topic branches with
        tagged releases from the upstream. Update 'git merge' to
        default to --no-ff only when merging a tag object that
        does *not* sit at its usual place in refs/tags/
        hierarchy, and allow fast-forwarding otherwise, to
        mitigate the problem.
    
      - 'git status' can spend a lot of cycles to compute the
        relation between the current branch and its upstream,
        which can now be disabled with '--no-ahead-behind'
        option.
    
      - 'git diff' and friends learned funcname patterns for Go
        language source files.
    
      - 'git send-email' learned '--reply-to=<address>' option.
    
      - Funcname pattern used for C# now recognizes 'async'
        keyword.
    
      - In a way similar to how 'git tag' learned to honor the
        pager setting only in the list mode, 'git config'
        learned to ignore the pager setting when it is used for
        setting values (i.e. when the purpose of the operation
        is not to 'show').
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1167890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169936"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"git-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-arch-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-cvs-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debugsource-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-email-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-gui-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-p4-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-web-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gitk-2.26.1-lp151.4.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1978.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1978 advisory. - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-30
    plugin id136184
    published2020-04-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136184
    titleRHEL 8 : git (RHSA-2020:1978)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1978. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136184);
      script_version("1.1");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/30");
    
      script_cve_id("CVE-2020-11008");
      script_xref(name:"RHSA", value:"2020:1978");
    
      script_name(english:"RHEL 8 : git (RHSA-2020:1978)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1978 advisory.
    
      - git: Crafted URL containing new lines, empty host or
        lacks a scheme can cause credential leak
        (CVE-2020-11008)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1978");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11008");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1826001");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-instaweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-subtree");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'git-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-all-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-core-doc-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-email-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-gui-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'gitk-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'gitweb-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'perl-Git-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'perl-Git-SVN-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / etc');
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-4E093619BB.NASL
    descriptionSecurity fix for CVE-2020-5260 and CVE-2020-11008 CVE-2020-5260 - From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17. 4.txt) : > With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The attack has been made impossible by forbidding > a newline character in any value passed via the credential > protocol. CVE-2020-11008 - From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17. 5.txt): > With a crafted URL that contains a newline or empty host, or lacks > a scheme, the credential helper machinery can be fooled into > providing credential information that is not appropriate for the > protocol in use and host being contacted. > > Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host of the attacker
    last seen2020-05-08
    modified2020-05-01
    plugin id136211
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136211
    titleFedora 30 : git (2020-4e093619bb)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-4e093619bb.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136211);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id("CVE-2020-11008", "CVE-2020-5260");
      script_xref(name:"FEDORA", value:"2020-4e093619bb");
    
      script_name(english:"Fedora 30 : git (2020-4e093619bb)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2020-5260 and CVE-2020-11008
    
    CVE-2020-5260 - From the upstream [release
    notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.
    4.txt) :
    
    > With a crafted URL that contains a newline in it, the credential >
    helper machinery can be fooled to give credential information for > a
    wrong host. The attack has been made impossible by forbidding > a
    newline character in any value passed via the credential > protocol.
    
    CVE-2020-11008 - From the upstream [release
    notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.
    5.txt): > With a crafted URL that contains a newline or empty host, or
    lacks > a scheme, the credential helper machinery can be fooled into >
    providing credential information that is not appropriate for the >
    protocol in use and host being contacted. > > Unlike the vulnerability
    CVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host
    of the attacker's choosing; instead, > they are for some unspecified
    host (based on how the configured > credential helper handles an
    absent 'host' parameter). > > The attack has been made impossible by
    refusing to work with > under-specified credential patterns.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e093619bb"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"git-2.21.3-1.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0243_GIT.NASL
    descriptionAn update of the git package has been released.
    last seen2020-05-21
    modified2020-05-18
    plugin id136697
    published2020-05-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136697
    titlePhoton OS 2.0: Git PHSA-2020-2.0-0243
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0243. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136697);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/19");
    
      script_cve_id("CVE-2020-11008");
    
      script_name(english:"Photon OS 2.0: Git PHSA-2020-2.0-0243");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the git package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-243.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11008");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"git-2.23.3-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"git-lang-2.23.3-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1980.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1980 advisory. - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-30
    plugin id136181
    published2020-04-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136181
    titleRHEL 8 : git (RHSA-2020:1980)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1980. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136181);
      script_version("1.1");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/30");
    
      script_cve_id("CVE-2020-11008");
      script_xref(name:"RHSA", value:"2020:1980");
    
      script_name(english:"RHEL 8 : git (RHSA-2020:1980)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
    the RHSA-2020:1980 advisory.
    
      - git: Crafted URL containing new lines, empty host or
        lacks a scheme can cause credential leak
        (CVE-2020-11008)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1980");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-11008");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1826001");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-instaweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-subtree");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-all-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-core-doc-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-email-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'git-gui-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8'},
        {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8'},
        {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8'},
        {'reference':'gitk-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'gitweb-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'perl-Git-2.18.4-2.el8_2', 'release':'8'},
        {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'release':'8'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / etc');
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1578.NASL
    descriptionAccording to the version of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external
    last seen2020-05-31
    modified2020-05-26
    plugin id136856
    published2020-05-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136856
    titleEulerOS 2.0 SP8 : git (EulerOS-SA-2020-1578)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1416.NASL
    descriptionAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external
    last seen2020-05-12
    modified2020-05-07
    plugin id136360
    published2020-05-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136360
    titleAmazon Linux 2 : git (ALAS-2020-1416)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-F6B3B6FB18.NASL
    descriptionSecurity fix for CVE-2020-5260 From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17. 5.txt) : > With a crafted URL that contains a newline or empty host, or lacks > a scheme, the credential helper machinery can be fooled into > providing credential information that is not appropriate for the > protocol in use and host being contacted. > > Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the > credentials are not for a host of the attacker
    last seen2020-05-03
    modified2020-04-27
    plugin id136001
    published2020-04-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136001
    titleFedora 31 : git (2020-f6b3b6fb18)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1598.NASL
    descriptionAccording to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external
    last seen2020-06-06
    modified2020-06-02
    plugin id137016
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137016
    titleEulerOS 2.0 SP5 : git (EulerOS-SA-2020-1598)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1979.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1979 advisory. - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-03
    modified2020-04-30
    plugin id136185
    published2020-04-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136185
    titleRHEL 8 : git (RHSA-2020:1979)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-1980.NASL
    descriptionFrom Red Hat Security Advisory 2020:1980 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1980 advisory. - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-05-11
    plugin id136446
    published2020-05-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136446
    titleOracle Linux 8 : git (ELSA-2020-1980)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202004-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202004-13 (Git: Information disclosure) Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by providing a specially crafted URL, could possibly trick Git into returning credential information for a wrong host. Workaround : Disabling credential helpers will prevent this vulnerability.
    last seen2020-04-30
    modified2020-04-24
    plugin id135949
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135949
    titleGLSA-202004-13 : Git: Information disclosure
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4659.NASL
    descriptionCarlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted.
    last seen2020-05-06
    modified2020-04-21
    plugin id135794
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135794
    titleDebian DSA-4659-1 : git - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-2337.NASL
    descriptionDescription of changes: [1.8.3.1-23] - Prevent crafted URL containing new lines, empty host or lacks a scheme to cause credential leak. Resolves: CVE-2020-11008
    last seen2020-06-06
    modified2020-05-29
    plugin id136958
    published2020-05-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136958
    titleOracle Linux 7 : git (ELSA-2020-2337)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-2337.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2020:2337.
    last seen2020-06-06
    modified2020-06-02
    plugin id137006
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137006
    titleCentOS 7 : git (CESA-2020:2337)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-112-01.NASL
    descriptionNew git packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-05-06
    modified2020-04-22
    plugin id135892
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135892
    titleSlackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-112-01)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0293_GIT.NASL
    descriptionAn update of the git package has been released.
    last seen2020-05-18
    modified2020-05-13
    plugin id136548
    published2020-05-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136548
    titlePhoton OS 1.0: Git PHSA-2020-1.0-0293
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1295-1.NASL
    descriptionThis update for git to 2.26.2 fixes the following issues : Security issue fixed : CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed : Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). Enabled access for git-daemon in firewall configuration (bsc#1170302). Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-05-22
    plugin id136789
    published2020-05-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136789
    titleSUSE SLES12 Security Update : git (SUSE-SU-2020:1295-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200529_GIT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)
    last seen2020-06-06
    modified2020-06-01
    plugin id136991
    published2020-06-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136991
    titleScientific Linux Security Update : git on SL7.x x86_64 (20200529)

Redhat

advisories
  • bugzilla
    id1826001
    titleCVE-2020-11008 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentperl-Git-SVN is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980001
          • commentperl-Git-SVN is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152561012
        • AND
          • commentperl-Git is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980003
          • commentperl-Git is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003012
        • AND
          • commentgitweb is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980005
          • commentgitweb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003014
        • AND
          • commentgitk is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980007
          • commentgitk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003020
        • AND
          • commentgit-gui is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980009
          • commentgit-gui is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003006
        • AND
          • commentgit-email is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980011
          • commentgit-email is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003024
        • AND
          • commentgit-core-doc is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980013
          • commentgit-core-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20194356014
        • AND
          • commentgit-all is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980015
          • commentgit-all is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003010
        • AND
          • commentgit-debugsource is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980017
          • commentgit-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20194356018
        • AND
          • commentgit-svn is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980019
          • commentgit-svn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003018
        • AND
          • commentgit-subtree is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980021
          • commentgit-subtree is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20194356022
        • AND
          • commentgit-instaweb is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980023
          • commentgit-instaweb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183408014
        • AND
          • commentgit-daemon is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980025
          • commentgit-daemon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003004
        • AND
          • commentgit-core is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980027
          • commentgit-core is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20194356028
        • AND
          • commentgit is earlier than 0:2.18.4-2.el8_2
            ovaloval:com.redhat.rhsa:tst:20201980029
          • commentgit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003002
    rhsa
    idRHSA-2020:1980
    released2020-04-30
    severityImportant
    titleRHSA-2020:1980: git security update (Important)
  • bugzilla
    id1826001
    titleCVE-2020-11008 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentgit-svn is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337001
          • commentgit-svn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003018
        • AND
          • commentgit-gnome-keyring is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337003
          • commentgit-gnome-keyring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183408002
        • AND
          • commentgit-daemon is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337005
          • commentgit-daemon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003004
        • AND
          • commentperl-Git-SVN is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337007
          • commentperl-Git-SVN is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152561012
        • AND
          • commentgitweb is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337009
          • commentgitweb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003014
        • AND
          • commentgitk is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337011
          • commentgitk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003020
        • AND
          • commentgit-p4 is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337013
          • commentgit-p4 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152561014
        • AND
          • commentgit-instaweb is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337015
          • commentgit-instaweb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183408014
        • AND
          • commentgit-hg is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337017
          • commentgit-hg is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152561022
        • AND
          • commentgit-gui is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337019
          • commentgit-gui is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003006
        • AND
          • commentgit-email is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337021
          • commentgit-email is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003024
        • AND
          • commentgit-cvs is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337023
          • commentgit-cvs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003016
        • AND
          • commentgit-bzr is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337025
          • commentgit-bzr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152561008
        • AND
          • commentgit-all is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337027
          • commentgit-all is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003010
        • AND
          • commentemacs-git-el is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337029
          • commentemacs-git-el is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003008
        • AND
          • commentemacs-git is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337031
          • commentemacs-git is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003022
        • AND
          • commentgit is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337033
          • commentgit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003002
        • AND
          • commentperl-Git is earlier than 0:1.8.3.1-23.el7_8
            ovaloval:com.redhat.rhsa:tst:20202337035
          • commentperl-Git is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20101003012
    rhsa
    idRHSA-2020:2337
    released2020-05-28
    severityImportant
    titleRHSA-2020:2337: git security update (Important)
rpms
  • rh-git218-git-0:2.18.4-1.el7
  • rh-git218-git-all-0:2.18.4-1.el7
  • rh-git218-git-core-0:2.18.4-1.el7
  • rh-git218-git-core-doc-0:2.18.4-1.el7
  • rh-git218-git-cvs-0:2.18.4-1.el7
  • rh-git218-git-daemon-0:2.18.4-1.el7
  • rh-git218-git-debuginfo-0:2.18.4-1.el7
  • rh-git218-git-email-0:2.18.4-1.el7
  • rh-git218-git-gui-0:2.18.4-1.el7
  • rh-git218-git-instaweb-0:2.18.4-1.el7
  • rh-git218-git-p4-0:2.18.4-1.el7
  • rh-git218-git-subtree-0:2.18.4-1.el7
  • rh-git218-git-svn-0:2.18.4-1.el7
  • rh-git218-gitk-0:2.18.4-1.el7
  • rh-git218-gitweb-0:2.18.4-1.el7
  • rh-git218-perl-Git-0:2.18.4-1.el7
  • rh-git218-perl-Git-SVN-0:2.18.4-1.el7
  • git-0:2.18.4-1.el8_0
  • git-all-0:2.18.4-1.el8_0
  • git-core-0:2.18.4-1.el8_0
  • git-core-debuginfo-0:2.18.4-1.el8_0
  • git-core-doc-0:2.18.4-1.el8_0
  • git-daemon-0:2.18.4-1.el8_0
  • git-daemon-debuginfo-0:2.18.4-1.el8_0
  • git-debuginfo-0:2.18.4-1.el8_0
  • git-debugsource-0:2.18.4-1.el8_0
  • git-email-0:2.18.4-1.el8_0
  • git-gui-0:2.18.4-1.el8_0
  • git-instaweb-0:2.18.4-1.el8_0
  • git-subtree-0:2.18.4-1.el8_0
  • git-svn-0:2.18.4-1.el8_0
  • git-svn-debuginfo-0:2.18.4-1.el8_0
  • gitk-0:2.18.4-1.el8_0
  • gitweb-0:2.18.4-1.el8_0
  • perl-Git-0:2.18.4-1.el8_0
  • perl-Git-SVN-0:2.18.4-1.el8_0
  • git-0:2.18.4-1.el8_1
  • git-all-0:2.18.4-1.el8_1
  • git-core-0:2.18.4-1.el8_1
  • git-core-debuginfo-0:2.18.4-1.el8_1
  • git-core-doc-0:2.18.4-1.el8_1
  • git-daemon-0:2.18.4-1.el8_1
  • git-daemon-debuginfo-0:2.18.4-1.el8_1
  • git-debuginfo-0:2.18.4-1.el8_1
  • git-debugsource-0:2.18.4-1.el8_1
  • git-email-0:2.18.4-1.el8_1
  • git-gui-0:2.18.4-1.el8_1
  • git-instaweb-0:2.18.4-1.el8_1
  • git-subtree-0:2.18.4-1.el8_1
  • git-svn-0:2.18.4-1.el8_1
  • git-svn-debuginfo-0:2.18.4-1.el8_1
  • gitk-0:2.18.4-1.el8_1
  • gitweb-0:2.18.4-1.el8_1
  • perl-Git-0:2.18.4-1.el8_1
  • perl-Git-SVN-0:2.18.4-1.el8_1
  • git-0:2.18.4-2.el8_2
  • git-all-0:2.18.4-2.el8_2
  • git-core-0:2.18.4-2.el8_2
  • git-core-debuginfo-0:2.18.4-2.el8_2
  • git-core-doc-0:2.18.4-2.el8_2
  • git-daemon-0:2.18.4-2.el8_2
  • git-daemon-debuginfo-0:2.18.4-2.el8_2
  • git-debuginfo-0:2.18.4-2.el8_2
  • git-debugsource-0:2.18.4-2.el8_2
  • git-email-0:2.18.4-2.el8_2
  • git-gui-0:2.18.4-2.el8_2
  • git-instaweb-0:2.18.4-2.el8_2
  • git-subtree-0:2.18.4-2.el8_2
  • git-svn-0:2.18.4-2.el8_2
  • git-svn-debuginfo-0:2.18.4-2.el8_2
  • gitk-0:2.18.4-2.el8_2
  • gitweb-0:2.18.4-2.el8_2
  • perl-Git-0:2.18.4-2.el8_2
  • perl-Git-SVN-0:2.18.4-2.el8_2
  • emacs-git-0:1.8.3.1-23.el7_8
  • emacs-git-el-0:1.8.3.1-23.el7_8
  • git-0:1.8.3.1-23.el7_8
  • git-all-0:1.8.3.1-23.el7_8
  • git-bzr-0:1.8.3.1-23.el7_8
  • git-cvs-0:1.8.3.1-23.el7_8
  • git-daemon-0:1.8.3.1-23.el7_8
  • git-debuginfo-0:1.8.3.1-23.el7_8
  • git-email-0:1.8.3.1-23.el7_8
  • git-gnome-keyring-0:1.8.3.1-23.el7_8
  • git-gui-0:1.8.3.1-23.el7_8
  • git-hg-0:1.8.3.1-23.el7_8
  • git-instaweb-0:1.8.3.1-23.el7_8
  • git-p4-0:1.8.3.1-23.el7_8
  • git-svn-0:1.8.3.1-23.el7_8
  • gitk-0:1.8.3.1-23.el7_8
  • gitweb-0:1.8.3.1-23.el7_8
  • perl-Git-0:1.8.3.1-23.el7_8
  • perl-Git-SVN-0:1.8.3.1-23.el7_8

References