Debian
CVE-2024-32478
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.
AnalysisAI
Git Credential Manager (GCM) is a secure Git credential helper. Rated medium severity (CVSS 6.9). No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0. Version information: Prior to 2.5.0.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today