Bug 2188338 (CVE-2023-29007) - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file
Summary: CVE-2023-29007 git: arbitrary configuration injection when renaming or deleti...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-29007
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2188358 2188360 2188361 2188363 2188365 2188367 2188369 2188370 2188371 2188372 2188373 2188374 2188375 2189769
Blocks: 2188310
TreeView+ depends on / blocked
 
Reported: 2023-04-20 13:56 UTC by Sandipan Roy
Modified: 2023-06-26 18:13 UTC (History)
35 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
Clone Of:
Environment:
Last Closed: 2023-05-31 18:45:29 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:3250 0 None None None 2023-05-22 10:37:55 UTC
Red Hat Product Errata RHBA-2023:3251 0 None None None 2023-05-22 11:26:49 UTC
Red Hat Product Errata RHBA-2023:3252 0 None None None 2023-05-22 11:29:00 UTC
Red Hat Product Errata RHBA-2023:3253 0 None None None 2023-05-22 11:29:06 UTC
Red Hat Product Errata RHBA-2023:3254 0 None None None 2023-05-22 14:34:44 UTC
Red Hat Product Errata RHBA-2023:3255 0 None None None 2023-05-22 16:25:04 UTC
Red Hat Product Errata RHBA-2023:3274 0 None None None 2023-05-23 13:14:05 UTC
Red Hat Product Errata RHBA-2023:3275 0 None None None 2023-05-23 13:42:40 UTC
Red Hat Product Errata RHBA-2023:3284 0 None None None 2023-05-24 05:17:43 UTC
Red Hat Product Errata RHBA-2023:3285 0 None None None 2023-05-24 05:19:08 UTC
Red Hat Product Errata RHBA-2023:3312 0 None None None 2023-05-25 09:42:13 UTC
Red Hat Product Errata RHBA-2023:3313 0 None None None 2023-05-25 09:18:55 UTC
Red Hat Product Errata RHBA-2023:3314 0 None None None 2023-05-25 09:42:08 UTC
Red Hat Product Errata RHBA-2023:3315 0 None None None 2023-05-25 09:44:02 UTC
Red Hat Product Errata RHBA-2023:3316 0 None None None 2023-05-25 09:42:24 UTC
Red Hat Product Errata RHBA-2023:3317 0 None None None 2023-05-25 09:52:44 UTC
Red Hat Product Errata RHBA-2023:3324 0 None None None 2023-05-25 13:45:39 UTC
Red Hat Product Errata RHBA-2023:3337 0 None None None 2023-05-29 00:39:17 UTC
Red Hat Product Errata RHBA-2023:3405 0 None None None 2023-05-31 17:26:54 UTC
Red Hat Product Errata RHBA-2023:3417 0 None None None 2023-05-31 21:26:05 UTC
Red Hat Product Errata RHBA-2023:3528 0 None None None 2023-06-07 08:54:03 UTC
Red Hat Product Errata RHBA-2023:3643 0 None None None 2023-06-15 16:29:49 UTC
Red Hat Product Errata RHBA-2023:3659 0 None None None 2023-06-19 06:24:05 UTC
Red Hat Product Errata RHBA-2023:3806 0 None None None 2023-06-26 18:13:52 UTC
Red Hat Product Errata RHSA-2023:3192 0 None None None 2023-05-17 15:20:39 UTC
Red Hat Product Errata RHSA-2023:3243 0 None None None 2023-05-22 06:50:48 UTC
Red Hat Product Errata RHSA-2023:3245 0 None None None 2023-05-22 07:04:08 UTC
Red Hat Product Errata RHSA-2023:3246 0 None None None 2023-05-22 07:04:42 UTC
Red Hat Product Errata RHSA-2023:3247 0 None None None 2023-05-22 07:07:44 UTC
Red Hat Product Errata RHSA-2023:3248 0 None None None 2023-05-22 07:03:57 UTC
Red Hat Product Errata RHSA-2023:3263 0 None None None 2023-05-23 09:16:59 UTC
Red Hat Product Errata RHSA-2023:3280 0 None None None 2023-05-23 14:44:23 UTC
Red Hat Product Errata RHSA-2023:3382 0 None None None 2023-05-31 14:14:32 UTC

Description Sandipan Roy 2023-04-20 13:56:11 UTC 
CVE-2023-29007
When renaming or deleting a section from a configuration file,certain malicious configuration values may be misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection.
Comment 3 Sandipan Roy 2023-04-26 05:56:05 UTC 
Created git tracking bugs for this issue:

Affects: fedora-all [bug 2189769]
Comment 5 errata-xmlrpc 2023-05-17 15:20:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3192 https://access.redhat.com/errata/RHSA-2023:3192
Comment 6 errata-xmlrpc 2023-05-22 06:50:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3243 https://access.redhat.com/errata/RHSA-2023:3243
Comment 7 errata-xmlrpc 2023-05-22 07:03:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3248 https://access.redhat.com/errata/RHSA-2023:3248
Comment 8 errata-xmlrpc 2023-05-22 07:04:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3245 https://access.redhat.com/errata/RHSA-2023:3245
Comment 9 errata-xmlrpc 2023-05-22 07:04:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3246 https://access.redhat.com/errata/RHSA-2023:3246
Comment 10 errata-xmlrpc 2023-05-22 07:07:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3247 https://access.redhat.com/errata/RHSA-2023:3247
Comment 11 errata-xmlrpc 2023-05-23 09:16:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3263 https://access.redhat.com/errata/RHSA-2023:3263
Comment 12 errata-xmlrpc 2023-05-23 14:44:21 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:3280 https://access.redhat.com/errata/RHSA-2023:3280
Comment 13 errata-xmlrpc 2023-05-31 14:14:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2023:3382 https://access.redhat.com/errata/RHSA-2023:3382
Comment 14 Product Security DevOps Team 2023-05-31 18:45:26 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-29007
Note You need to log in before you can comment on or make changes to this bug.