CVE-2022-24975

NameCVE-2022-24975
DescriptionThe --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
git (PTS)buster1:2.20.1-2+deb10u3vulnerable
buster (security)1:2.20.1-2+deb10u7vulnerable
bullseye1:2.30.2-1vulnerable
bullseye (security)1:2.30.2-1+deb11u1vulnerable
bookworm, sid1:2.39.1-0.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gitsource(unstable)(unfixed)unimportant

Notes

https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
CVE is specifically about --mirror documentation not mentioning the availability
of deleted content.
Search for package or bug name: Reporting problems