Arbitrary File Overwrite Vulnerability in git-changelog Utility

Arbitrary File Overwrite Vulnerability in git-changelog Utility

CVE-2012-6114 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.

Learn more about our User Device Pen Test.