V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2008-5916
DEB
MediumConfirmedExploit available

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other…

CVSS
4.6
Medium
EPSS
0.00
p36
Published
2008-01-01
Updated
2008-01-01
Description

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

Tags · CWE
LPE
CWE-264
Affected products
Git
CVSS vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.005 · p36
Known exploited (KEV)
No
Known exploits — Сканер-ВС
11497
exploitdb · https://www.exploit-db.com/exploits/11497
Enterprise
Affected products
ProductVendorStatus
git-coreTracked
git-coreTracked
git*Tracked
Source databases
DEB
CVE
UBU
Related vulnerabilities