USN-7207-1
- Source
- https://ubuntu.com/security/notices/USN-7207-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7207-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7207-1
- Upstream
- Related
- Published
- 2025-01-14T19:55:30.997868Z
- Modified
- 2025-10-13T04:39:40Z
- Summary
- git vulnerabilities
- Details
-
It was discovered that Git incorrectly handled certain URLs when asking for credentials. An attacker could possibly use this issue to mislead the user into typing passwords for trusted sites that would then be sent to untrusted sites instead. (CVE-2024-50349)
It was discovered that git incorrectly handled line endings when using credential helpers. (CVE-2024-52006)
- References
Affected packages
Ubuntu:22.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.34.1-1ubuntu1.12?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.34.1-1ubuntu1.12
Affected versions
1:2.*
1:2.32.0-1ubuntu1
1:2.33.1-1ubuntu1
1:2.34.1-1ubuntu1
1:2.34.1-1ubuntu1.1
1:2.34.1-1ubuntu1.2
1:2.34.1-1ubuntu1.4
1:2.34.1-1ubuntu1.5
1:2.34.1-1ubuntu1.6
1:2.34.1-1ubuntu1.8
1:2.34.1-1ubuntu1.9
1:2.34.1-1ubuntu1.10
1:2.34.1-1ubuntu1.11
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-all",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-email",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-man",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "gitk",
"binary_version": "1:2.34.1-1ubuntu1.12"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.34.1-1ubuntu1.12"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2024-50349",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-52006",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:24.04:LTS / git
Package
- Name
- git
- Purl
- pkg:deb/ubuntu/git@1:2.43.0-1ubuntu7.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.43.0-1ubuntu7.2
Affected versions
1:2.*
1:2.40.1-1ubuntu1
1:2.43.0-1ubuntu1
1:2.43.0-1ubuntu5
1:2.43.0-1ubuntu6
1:2.43.0-1ubuntu7
1:2.43.0-1ubuntu7.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "git",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-all",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-cvs",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-daemon-run",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-daemon-sysvinit",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-email",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-gui",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-man",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-mediawiki",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "git-svn",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "gitk",
"binary_version": "1:2.43.0-1ubuntu7.2"
},
{
"binary_name": "gitweb",
"binary_version": "1:2.43.0-1ubuntu7.2"
}
]
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2024-50349",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-52006",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}