Threats Tagged 'cve-2024-50349'

Multiple security vulnerabilities have been identified and addressed in Git and related components distributed with Red Hat Enterprise Linux 9. These include issues such as improper sanitization of URLs when requesting credentials, newline confusion in credential helpers leading to potential credential exfiltration, arbitrary code execution, arbitrary file writes, and file creation and script execution flaws in gitk and Git GUI. The update addresses seven CVEs affecting Git and gitk, rated as important by Red Hat Product Security. The advisory provides updated packages to remediate these vulnerabilities.

Multiple security vulnerabilities have been identified in Git and related components affecting Red Hat Enterprise Linux 10. These include issues such as improper sanitization of URLs when requesting credentials, newline confusion in credential helpers leading to potential credential exfiltration, arbitrary code execution, arbitrary file writes, and file creation and script execution flaws in gitk and Git GUI. The vulnerabilities collectively pose risks of credential leakage, unauthorized code execution, and unauthorized file modifications. Red Hat has issued an important security advisory with updates to address these issues.

This Red Hat security advisory addresses multiple vulnerabilities in Git and gitk affecting Red Hat Enterprise Linux 8. The issues include improper sanitization of URLs when requesting credentials, newline confusion leading to credential exfiltration, arbitrary code execution, arbitrary file writes, file creation flaws, script execution flaws, and the ability of Git GUI to create or overwrite files with user write permissions. These vulnerabilities collectively pose risks such as credential leakage, unauthorized code execution, and unauthorized file manipulation. Red Hat has released updated packages to fix these issues for affected versions of Git. Users of Red Hat Enterprise Linux 8 are advised to apply the provided security update to mitigate these vulnerabilities. No known exploits in the wild have been reported at this time.

A low severity vulnerability (CVE-2024-50349) in Git was identified where Git does not sanitize URLs when requesting credentials interactively. This issue affects multiple Red Hat Enterprise Linux 9. 4 Extended Update Support versions and architectures. Red Hat has issued a security advisory and released updated Git packages addressing this vulnerability. The flaw relates to improper sanitization of URLs during credential prompts, which could potentially lead to unintended information disclosure. No known exploits are reported in the wild. The update is available and users are advised to apply the provided patches to mitigate the issue.