How severe is CVE-2024-32020?

This vulnerability has a severity rating of LOW with a CVSS score of 3.9 out of 10.

What type of vulnerability is CVE-2024-32020?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2024-32020 - LOW Severity | CVSS 3.9

Vulnerability Description

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.

Related Vulnerabilities

CVE-2022-36062

LOW

CVSS:3.8(Low)

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege es...

CWE-2812022

CVE-2024-36062

MEDIUM

CVSS:4.0(Medium)

The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by ...

CWE-2812024

CVE-2025-0914

LOW

CVSS:3.8(Low)

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidde...

CWE-2812025

CVE-2024-38361

LOW

CVSS:3.7(Low)

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources ...

CWE-2812024

CVE-2017-5033

MEDIUM

CVSS:4.3(Medium)

Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote atta...

CWE-2812017

CVE-2019-14956

MEDIUM

CVSS:4.3(Medium)

JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.

CWE-2812019