漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers
Vulnerability Description
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Git for Windows 安全漏洞
Vulnerability Description
Git for Windows是Git开源的一个专为 Windows 操作系统设计的 Git 客户端环境套件。 Git for Windows存在安全漏洞。以下产品和版本受到影响:Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3),Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8),Microsoft Visual Studio 2022 versio
CVSS Information
N/A
Vulnerability Type
N/A