How severe is CVE-2022-29187?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-29187?

This is classified as CWE-282, which is a common weakness in software security.

CVE-2022-29187

HIGH Year: 2022

CVSS v3 Score

7.8

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-282

View all →

Vulnerability Description

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.

CVE-2017-12189

HIGH

CVSS:7.8(High)

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This iss...

CWE-2822017

CVE-2023-0386

HIGH

CVSS:7.8(High)

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable...

CWE-2822023

CVE-2024-37999

HIGH

CVSS:7.8(High)

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow ...

CWE-2822024

CVE-2024-39755

HIGH

CVSS:7.8(High)

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make a...

CWE-2822024

CVE-2024-8949

MEDIUM

CVSS:8.8(High)

A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The...

CWE-2822024

CVE-2022-0026

MEDIUM

CVSS:6.7(Medium)

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows r...

CWE-2822022

CVE-2022-29187

Vulnerability Description

Related Vulnerabilities

CVE-2017-12189

CVE-2023-0386

CVE-2024-37999

CVE-2024-39755

CVE-2024-8949

CVE-2022-0026