CVE-2022-24975

Published: Feb 11, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/

https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191

https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/

https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-24975

Description

Affected Products

References