rpm package
opensuse/obs-scm-bridge&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/obs-scm-bridge&distro=openSUSE%20Leap%2015.6
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46835 | Hig | 8.5 | < 0.7.4-150600.14.4.1 | 0.7.4-150600.14.4.1 | Jul 10, 2025 | Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user ha | |
| CVE-2025-27614 | Hig | 8.6 | < 0.7.4-150600.14.4.1 | 0.7.4-150600.14.4.1 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the at | |
| CVE-2025-27613 | Low | 3.6 | < 0.7.4-150600.14.4.1 | 0.7.4-150600.14.4.1 | Jul 10, 2025 | Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must ha | |
| CVE-2025-48385 | Hig | — | < 0.7.4-150600.14.4.1 | 0.7.4-150600.14.4.1 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows th | |
| CVE-2025-48384 | — | KEV | < 0.7.4-150600.14.4.1 | 0.7.4-150600.14.4.1 | Jul 8, 2025 | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config | |
| CVE-2024-22038 | Hig | 7.3 | < 0.5.4-150100.3.6.1 | 0.5.4-150100.3.6.1 | Nov 28, 2024 | Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service. |
- affected < 0.7.4-150600.14.4.1fixed 0.7.4-150600.14.4.1
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user ha
- affected < 0.7.4-150600.14.4.1fixed 0.7.4-150600.14.4.1
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the at
- affected < 0.7.4-150600.14.4.1fixed 0.7.4-150600.14.4.1
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must ha
- affected < 0.7.4-150600.14.4.1fixed 0.7.4-150600.14.4.1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows th
- affected < 0.7.4-150600.14.4.1fixed 0.7.4-150600.14.4.1
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config
- affected < 0.5.4-150100.3.6.1fixed 0.5.4-150100.3.6.1
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.