CVE-2020-11008 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	A vulnerability has been found in git before 2.26.2. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.26.1, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). The attack has been made impossible by refusing to work with under-specified credential patterns.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1138	git	2.26.1-1	2.26.2-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Apr 2020	ASA-202004-21	AVG-1138	git	High	information disclosure

References
https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 https://github.com/git/git/compare/v2.17.4...v2.17.5