Privilege Escalation via Repository Name in Git

Privilege Escalation via Repository Name in Git

CVE-2017-8386 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Learn more about our User Device Pen Test.