admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-226xx/CVE-2025-22620.json
cad-safe-bot 0c245865ae Auto-Update: 2025-01-26T03:00:19.791548+00:00
2025-01-26 03:03:52 +00:00

64 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-22620",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-20T16:15:28.017",
"lastModified": "2025-01-20T16:15:28.017",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0."
},
{
"lang": "es",
"value": "gitoxide es una implementaci\u00f3n de git escrita en Rust. Antes de la versi\u00f3n 0.17.0, gix-worktree-state especifica permisos 0777 al extraer archivos ejecutables, con la intenci\u00f3n de que la m\u00e1scara de usuario los restrinja de manera adecuada. Pero una de las estrategias que utiliza para establecer permisos no est\u00e1 sujeta a la m\u00e1scara de usuario. Esto hace que los archivos de un repositorio sean modificables por todo el mundo en algunas situaciones. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 0.17.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
},
{
"lang": "en",
"value": "CWE-687"
}
]
}
],
"references": [
{
"url": "https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-fqmf-w4xh-33rh",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink