{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/vex/2024/cve-2024-52005-els_os-centos-stream8els.json" } ], "title": "Security update on CVE-2024-52005", "tracking": { "current_release_date": "2025-12-23T20:02:11Z", "generator": { "date": "2025-12-23T20:02:11Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-52005-ELS_OS-CENTOS-STREAM8ELS", "initial_release_date": "2024-01-01T00:00:00Z", "revision_history": [ { "date": "2024-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-06-12T15:53:45Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T20:02:11Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product": { "name": "git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_id": "git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-credential-libsecret@2.43.0-1.el8.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product": { "name": "git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_id": "git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-daemon@2.43.0-1.el8.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product": { "name": "git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_id": "git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-subtree@2.43.0-1.el8.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product": { "name": "git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_id": "git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git@2.43.0-1.el8.tuxcare.els3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-core-doc@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } }, { "category": "product_version", "name": "git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-gui@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } }, { "category": "product_version", "name": "gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/gitk@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } }, { "category": "product_version", "name": "git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-svn@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } }, { "category": "product_version", "name": "git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-instaweb@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } }, { "category": "product_version", "name": "git-all-0:2.43.0-1.el8.tuxcare.els3.noarch", "product": { "name": "git-all-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_id": "git-all-0:2.43.0-1.el8.tuxcare.els3.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/git-all@2.43.0-1.el8.tuxcare.els3?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64" }, "product_reference": "git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64" }, "product_reference": "git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "gitk-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:gitk-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64" }, "product_reference": "git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-0:2.43.0-1.el8.tuxcare.els3.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-0:2.43.0-1.el8.tuxcare.els3.x86_64" }, "product_reference": "git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "relates_to_product_reference": "CentOS-Stream-8" }, { "category": "default_component_of", "full_product_name": { "name": "git-all-0:2.43.0-1.el8.tuxcare.els3.noarch as a component of Community Enterprise Operating System 8", "product_id": "CentOS-Stream-8:git-all-0:2.43.0-1.el8.tuxcare.els3.noarch" }, "product_reference": "git-all-0:2.43.0-1.el8.tuxcare.els3.noarch", "relates_to_product_reference": "CentOS-Stream-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-52005", "notes": [ { "category": "description", "text": "Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called \"sideband channel\". These messages will be prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-Stream-8:git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-all-0:2.43.0-1.el8.tuxcare.els3.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-52005" } ], "release_date": "2025-01-15T17:35:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-Stream-8:git-credential-libsecret-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-core-doc-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-daemon-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-gui-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:gitk-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-svn-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-instaweb-0:2.43.0-1.el8.tuxcare.els3.noarch", "CentOS-Stream-8:git-subtree-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-0:2.43.0-1.el8.tuxcare.els3.x86_64", "CentOS-Stream-8:git-all-0:2.43.0-1.el8.tuxcare.els3.noarch" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }