发布时间: 2023年2月20日
修改时间: 2023年2月20日
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 7.2 | 7.2 |
| Attack Vector | Local | Local |
| Attack Complexity | High | High |
| Privileges Required | High | High |
| User Interaction | Required | Required |
| Scope | Changed | Changed |
| Confidentiality | High | High |
| Integrity | High | High |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1092 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it. | 2023年2月20日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | git | Unaffected |
| KY3.4-5A | git | Unaffected |
| KY3.5.1 | git | Unaffected |
| KY3.5.2 | git | Unaffected |
