U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2020-11008

Change History

Initial Analysis 4/30/2020 3:32:16 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
     *cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions up to (excluding) 2.17.5
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.18.0 up to (excluding) 2.18.4
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.19.0 up to (excluding) 2.19.5
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.20.0 up to (excluding) 2.20.4
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.21.0 up to (excluding) 2.21.3
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.22.0 up to (excluding) 2.22.4
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.23.0 up to (excluding) 2.23.3
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.24.0 up to (excluding) 2.24.3
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.25.0 up to (excluding) 2.25.4
     *cpe:2.3:a:git:git:*:*:*:*:*:*:*:* versions from (including) 2.26.0 up to (excluding) 2.26.2
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added CWE

								
							
							
						
NIST CWE-522
Changed Reference Type
https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 No Types Assigned
https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 Patch, Third Party Advisory
Changed Reference Type
https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 No Types Assigned
https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 Patch, Third Party Advisory
Changed Reference Type
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q No Types Assigned
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q Mitigation, Patch, Third Party Advisory
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html No Types Assigned
https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html Mailing List, Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/ Third Party Advisory
Changed Reference Type
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/ No Types Assigned
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/ Third Party Advisory
Changed Reference Type
https://security.gentoo.org/glsa/202004-13 No Types Assigned
https://security.gentoo.org/glsa/202004-13 Third Party Advisory
Changed Reference Type
https://usn.ubuntu.com/4334-1/ No Types Assigned
https://usn.ubuntu.com/4334-1/ Third Party Advisory