CVE-2024-32478

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32478
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32478.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32478
Aliases
  • GHSA-3c3g-h9rx-f7vq
Published
2024-04-19T15:15:50Z
Modified
2024-10-08T04:12:15.716761Z
Summary
[none]
Details

Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.

References

Affected packages

Git / github.com/git-ecosystem/git-credential-manager

Affected ranges

Type
GIT
Repo
https://github.com/git-ecosystem/git-credential-manager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.0.124-beta
v2.0.153-beta
v2.0.157-beta
v2.0.164-beta
v2.0.194-beta
v2.0.22-beta
v2.0.246-beta
v2.0.249-beta
v2.0.252-beta
v2.0.280-beta
v2.0.289-beta
v2.0.318-beta
v2.0.33-beta
v2.0.374-beta
v2.0.394-beta
v2.0.435-beta
v2.0.452
v2.0.472
v2.0.474
v2.0.475
v2.0.498
v2.0.5-beta
v2.0.567
v2.0.603
v2.0.605
v2.0.632
v2.0.692
v2.0.696
v2.0.779
v2.0.785
v2.0.79-beta
v2.0.866
v2.0.87-beta
v2.0.877
v2.0.886
v2.0.931
v2.0.935
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.3.1