Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-41040

Published: 30 August 2023

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.

Priority

Medium

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
python-git
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Ignored
(end of life, was needs-triage)
noble Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L