Description
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.
Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.
Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| go-git | go-git | unaffected |
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Builds for Red Hat OpenShift | |||
| openshift-builds-controller-container | cpe:/a:redhat:openshift_builds:1.1::el9 | RHSA-2024:6221 | 2024-09-03T00:00:00Z |
| multicluster-globalhub 1.0 for RHEL 8 | |||
| multicluster-globalhub/multicluster-globalhub-grafana-rhel8:v1.0.2-4 | cpe:/a:redhat:multicluster_globalhub:1.0::el8 | RHSA-2024:0989 | 2024-02-26T00:00:00Z |
| OPENSHIFT-BUILDS-1.0-RHEL-8 | |||
| openshift-builds/openshift-builds-controller-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-git-cloner-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-image-bundler-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-image-processing-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-operator-bundle:v1.0.1-11 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-rhel8-operator:v1.0.1-6 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-waiters-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| openshift-builds/openshift-builds-webhook-rhel8:v1.0.1-4 | cpe:/a:redhat:openshift_builds:1.0::el8 | RHSA-2024:1557 | 2024-03-28T00:00:00Z |
| Openshift Serverless 1 on RHEL 8 | |||
| openshift-serverless-clients-0:1.10.0-6.el8 | cpe:/a:redhat:serverless:1.0::el8 | RHSA-2024:0880 | 2024-02-20T00:00:00Z |
| Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 | |||
| rhacm2/acm-governance-policy-addon-controller-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-governance-policy-framework-addon-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-grafana-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-must-gather-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-operator-bundle:v2.7.11-14 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-prometheus-config-reloader-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-prometheus-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-search-indexer-rhel8:v2.7.11-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-search-v2-api-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-search-v2-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/acm-volsync-addon-controller-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/cert-policy-controller-rhel8:v2.7.11-7 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/cluster-backup-rhel8-operator:v2.7.11-10 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/config-policy-controller-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/console-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/endpoint-monitoring-rhel8-operator:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/governance-policy-propagator-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/grafana-dashboard-loader-rhel8:v2.7.11-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/iam-policy-controller-rhel8:v2.7.11-7 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/insights-client-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/insights-metrics-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/klusterlet-addon-controller-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/kube-rbac-proxy-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/kube-state-metrics-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/memcached-exporter-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/memcached-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/metrics-collector-rhel8:v2.7.11-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multicloud-integrations-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multiclusterhub-rhel8:v2.7.11-7 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multicluster-observability-rhel8-operator:v2.7.11-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multicluster-operators-application-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multicluster-operators-channel-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/multicluster-operators-subscription-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/node-exporter-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/observatorium-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/observatorium-rhel8-operator:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/prometheus-alertmanager-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/prometheus-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/rbac-query-proxy-rhel8:v2.7.11-4 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/search-collector-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/submariner-addon-rhel8:v2.7.11-7 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/thanos-receive-controller-rhel8:v2.7.11-5 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| rhacm2/thanos-rhel8:v2.7.11-6 | cpe:/a:redhat:acm:2.7::el8 | RHSA-2024:0729 | 2024-02-07T00:00:00Z |
| Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8 | |||
| rhacm2/multicluster-operators-subscription-rhel8:v2.8.5-6 | cpe:/a:redhat:acm:2.8::el8 | RHSA-2024:0820 | 2024-02-14T00:00:00Z |
| Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8 | |||
| rhacm2/multicluster-operators-subscription-rhel8:v2.9.2-2 | cpe:/a:redhat:acm:2.9::el8 | RHSA-2024:0298 | 2024-01-18T00:00:00Z |
| Red Hat Advanced Cluster Security 4.3 | |||
| advanced-cluster-security/rhacs-central-db-rhel8:4.3.6-2 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-collector-rhel8:4.3.6-3 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-collector-slim-rhel8:4.3.6-1 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-main-rhel8:4.3.6-4 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-operator-bundle:4.3.6-4 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-rhel8-operator:4.3.6-2 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-roxctl-rhel8:4.3.6-2 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-scanner-db-rhel8:4.3.6-3 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.3.6-1 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-scanner-rhel8:4.3.6-3 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| advanced-cluster-security/rhacs-scanner-slim-rhel8:4.3.6-3 | cpe:/a:redhat:advanced_cluster_security:4.3::el8 | RHSA-2024:1549 | 2024-03-27T00:00:00Z |
| Red Hat Ceph Storage 5.3 | |||
| ceph-2:16.2.10-266.el9cp | cpe:/a:redhat:ceph_storage:5.3::el8 | RHSA-2024:4118 | 2024-06-26T00:00:00Z |
| ceph-ansible-0:6.0.28.8-1.el8cp | cpe:/a:redhat:ceph_storage:5.3::el8 | RHSA-2024:4118 | 2024-06-26T00:00:00Z |
| Red Hat Ceph Storage 6.1 | |||
| rhceph/keepalived-rhel9:2.2.8-11 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| rhceph/rhceph-6-dashboard-rhel9:6-90 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| rhceph/rhceph-6-rhel9:6-311 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| rhceph/rhceph-haproxy-rhel9:2.4.22-12 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| rhceph/rhceph-promtail-rhel9:v2.4.0-19 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| rhceph/snmp-notifier-rhel9:1.2.1-57 | cpe:/a:redhat:ceph_storage:6.1::el9 | RHSA-2024:2633 | 2024-05-01T00:00:00Z |
| Red Hat Ceph Storage 7.1 | |||
| ceph-2:18.2.1-194.el9cp | cpe:/a:redhat:ceph_storage:7.1::el8 | RHSA-2024:3925 | 2024-06-14T00:00:00Z |
| Red Hat OpenShift Container Platform 4.12 | |||
| openshift4/ose-ansible-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0832 | 2024-02-21T00:00:00Z |
| openshift4/ose-helm-operator:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0832 | 2024-02-21T00:00:00Z |
| openshift4/ose-operator-sdk-rhel8:v4.12.0-202402081808.p0.g0bd975e.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0832 | 2024-02-21T00:00:00Z |
| openshift4/ose-operator-lifecycle-manager:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0833 | 2024-02-21T00:00:00Z |
| openshift4/ose-operator-registry:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0833 | 2024-02-21T00:00:00Z |
| redhat/redhat-operator-index:v4.12.0-202402111607.p0.g9dd28b4.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0833 | 2024-02-21T00:00:00Z |
| openshift4/ose-olm-rukpak-rhel8:v4.12.0-202402161937.p0.gf219ce7.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:1052 | 2024-03-06T00:00:00Z |
| openshift4/oc-mirror-plugin-rhel8:v4.12.0-202404171248.p0.g3f39dc6.assembly.stream.el8 | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:1896 | 2024-04-25T00:00:00Z |
| Red Hat OpenShift Container Platform 4.13 | |||
| openshift4/ose-ansible-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0740 | 2024-02-14T00:00:00Z |
| openshift4/ose-helm-operator:v4.13.0-202402020908.p0.g01bfabb.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0740 | 2024-02-14T00:00:00Z |
| openshift4/ose-operator-sdk-rhel8:v4.13.0-202402071637.p0.g01bfabb.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0740 | 2024-02-14T00:00:00Z |
| openshift4/ose-olm-rukpak-rhel8:v4.13.0-202402070238.p0.gaf47118.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0741 | 2024-02-14T00:00:00Z |
| openshift4/ose-operator-lifecycle-manager:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0845 | 2024-02-21T00:00:00Z |
| openshift4/ose-operator-registry:v4.13.0-202402081808.p0.g4cc5232.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0845 | 2024-02-21T00:00:00Z |
| openshift4/oc-mirror-plugin-rhel8:v4.13.0-202404200313.p0.g02367d7.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:2047 | 2024-05-02T00:00:00Z |
| Red Hat OpenShift Container Platform 4.14 | |||
| openshift4/ose-ansible-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0641 | 2024-02-07T00:00:00Z |
| openshift4/ose-helm-operator:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0641 | 2024-02-07T00:00:00Z |
| openshift4/ose-operator-sdk-rhel8:v4.14.0-202401301709.p0.g0f0d1b2.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0641 | 2024-02-07T00:00:00Z |
| openshift4/ose-olm-catalogd-rhel8:v4.14.0-202401292111.p0.ga333cb0.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0642 | 2024-02-07T00:00:00Z |
| openshift4/ose-olm-operator-controller-rhel8:v4.14.0-202401292111.p0.gfb6fb27.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0642 | 2024-02-07T00:00:00Z |
| openshift4/ose-operator-lifecycle-manager:v4.14.0-202402010409.p0.gb831504.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0642 | 2024-02-07T00:00:00Z |
| openshift4/ose-operator-registry:v4.14.0-202402010409.p0.gb831504.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0642 | 2024-02-07T00:00:00Z |
| redhat/redhat-operator-index:v4.14.0-202402010409.p0.gb831504.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0642 | 2024-02-07T00:00:00Z |
| openshift4/ose-olm-rukpak-rhel8:v4.14.0-202402060410.p0.g2287fb2.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0735 | 2024-02-13T00:00:00Z |
| openshift4/oc-mirror-plugin-rhel8:v4.14.0-202404161544.p0.ga0733c1.assembly.stream.el8 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:1891 | 2024-04-26T00:00:00Z |
| Red Hat OpenShift Container Platform 4.15 | |||
| openshift4/ose-ansible-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7197 | 2024-02-27T00:00:00Z |
| openshift4/ose-helm-operator:v4.15.0-202402082307.p0.g08d08dd.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7197 | 2024-02-27T00:00:00Z |
| openshift4/ose-operator-sdk-rhel8:v4.15.0-202402210637.p0.g08d08dd.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7197 | 2024-02-27T00:00:00Z |
| openshift4/ose-olm-catalogd-rhel8:v4.15.0-202402082307.p0.gc1a9a8e.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
| openshift4/ose-olm-operator-controller-rhel8:v4.15.0-202402082307.p0.ge290693.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
| openshift4/ose-olm-rukpak-rhel8:v4.15.0-202402082307.p0.g36acf8d.assembly.stream.el8 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
| openshift4/ose-operator-lifecycle-manager-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
| openshift4/ose-operator-registry-rhel9:v4.15.0-202402131807.p0.g0e8b957.assembly.stream.el9 | cpe:/a:redhat:openshift:4.15::el8 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
| openshift4/oc-mirror-plugin-rhel9:v4.15.0-202410230304.p0.ge91f573.assembly.stream.el9 | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2024:8425 | 2024-10-31T00:00:00Z |
| Red Hat OpenShift Container Platform 4.16 | |||
| openshift4/ose-ansible-operator:v4.16.0-202406130637.p0.g4194617.assembly.stream.el8 | cpe:/a:redhat:openshift:4.16::el8 | RHSA-2024:0040 | 2024-06-27T00:00:00Z |
| openshift4/ose-helm-rhel9-operator:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el8 | RHSA-2024:0040 | 2024-06-27T00:00:00Z |
| openshift4/ose-operator-sdk-rhel9:v4.16.0-202406131906.p0.g4194617.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el8 | RHSA-2024:0040 | 2024-06-27T00:00:00Z |
| openshift4/oc-mirror-plugin-rhel9:v4.16.0-202406131906.p0.g7c0889f.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| openshift4/ose-olm-catalogd-rhel9:v4.16.0-202406131906.p0.g79975a5.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| openshift4/ose-olm-operator-controller-rhel9:v4.16.0-202406131906.p0.g80b8649.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| openshift4/ose-olm-rukpak-rhel9:v4.16.0-202406131906.p0.g282cc84.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| openshift4/ose-operator-lifecycle-manager-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| openshift4/ose-operator-registry-rhel9:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| redhat/redhat-operator-index:v4.16.0-202406131906.p0.g1aacee6.assembly.stream.el9 | cpe:/a:redhat:openshift:4.16::el9 | RHSA-2024:0041 | 2024-06-27T00:00:00Z |
| Red Hat OpenShift GitOps 1.10 | |||
| openshift-gitops-1/argocd-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/argo-rollouts-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/console-plugin-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/dex-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/gitops-operator-bundle:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/gitops-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/gitops-rhel8-operator:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/kam-delivery-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| openshift-gitops-1/must-gather-rhel8:v1.10.2-2 | cpe:/a:redhat:openshift_gitops:1.10::el8 | RHSA-2024:0692 | 2024-02-05T00:00:00Z |
| RHOSS-1.31-RHEL-8 | |||
| openshift-serverless-1/client-kn-rhel8:1.10.0-5 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-controller-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-istio-controller-rhel8:1.10.0-5 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-kafka-broker-receiver-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-mtping-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-storage-version-migration-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/eventing-webhook-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/func-utils-rhel8:1.31.1-2 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/ingress-rhel8-operator:1.31.1-2 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/knative-rhel8-operator:1.31.1-2 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/kn-cli-artifacts-rhel8:1.10.0-3 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/kourier-control-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/net-istio-controller-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/net-istio-webhook-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serverless-operator-bundle:1.31.1-1 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serverless-rhel8-operator:1.31.1-2 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-activator-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-autoscaler-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-controller-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-domain-mapping-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-queue-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-storage-version-migration-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/serving-webhook-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1/svls-must-gather-rhel8:1.31.1-2 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1-tech-preview/eventing-istio-controller-rhel8:1.10.0-5 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8:1.10.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1-tech-preview/logic-swf-builder-rhel8:1.31.0-5 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8:1.31.0-4 | cpe:/a:redhat:openshift_serverless:1.31::el8 | RHSA-2024:0843 | 2024-02-15T00:00:00Z |
| Builds for Red Hat OpenShift 1.1.1 | |||
| registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9:sha256:a911fd84b3d9bf2ec221660507f4f234ec1ecfc232e9a511a4bd18a2598783df | cpe:/a:redhat:openshift_builds:1.1::el9 | RHSA-2024:5013 | 2024-08-05T00:00:00Z |
No data available yet.
Remediation
Vendor Solution
An update to version 5.11 fixes the issue
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-0238 | A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. |
 Github GHSA |
GHSA-449p-3h89-pw88 | Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients |
References
History
Thu, 20 Mar 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs |
Thu, 14 Nov 2024 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 31 Oct 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:openshift:4.15::el9 |
Fri, 06 Sep 2024 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:openshift_builds:1.1::el9 |
Subscriptions
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published:
Updated: 2024-11-14T14:34:02.845Z
Reserved: 2023-11-27T14:21:51.157Z
Link: CVE-2023-49569
Vulnrichment
Updated: 2024-08-02T22:01:25.499Z
NVD
Status : Modified
Published: 2024-01-12T11:15:13.250
Modified: 2024-11-21T08:33:34.583
Link: CVE-2023-49569
Redhat
OpenCVE Enrichment
No data.
Weaknesses