Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1193 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.1 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.0.0, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.0 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * jgit: arbitrary file overwrite (CVE-2023-4759)

    * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

    * parsson: Denial of Service due to large number parsing (CVE-2023-4043)

    * apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (CVE-2023-48795)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1192 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.1 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.0.0, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.0 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * jgit: arbitrary file overwrite (CVE-2023-4759)

    * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

    * parsson: Denial of Service due to large number parsing (CVE-2023-4043)

    * apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (CVE-2023-48795)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0711 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * jgit: arbitrary file overwrite (CVE-2023-4759)

    * santuario: Private Key disclosure in debug-log output (CVE-2023-44483)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.15 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * santuario: Private Key disclosure in debug-log output (CVE-2023-44483)

    * jgit: arbitrary file overwrite (CVE-2023-4759)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0710 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.15 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.14, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.15 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * santuario: Private Key disclosure in debug-log output [eap-7.4.z] (CVE-2023-44483)

    * jgit: arbitrary file overwrite [eap-7.4.z] (CVE-2023-4759)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0057-1 advisory.

  - Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a     symbolic link present in a specially crafted git repository can be used to write a file to locations     outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or     when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can     happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand     using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution     (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a     subsequent git command. The issue occurs only on case-insensitive filesystems, like the default     filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create     symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.
    Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue     was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven     Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org     https://repo.eclipse.org/content/repositories/jgit-releases/ . The JGit maintainers would like to thank     RyotaK for finding and reporting this issue. (CVE-2023-4759)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191654	RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1193)	Nessus	Red Hat Local Security Checks	critical
191651	RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1192)	Nessus	Red Hat Local Security Checks	critical
190092	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0711)	Nessus	Red Hat Local Security Checks	high
190091	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)	Nessus	Red Hat Local Security Checks	high
190090	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.15 Security update (Moderate) (RHSA-2024:0710)	Nessus	Red Hat Local Security Checks	high
187724	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : eclipse-jgit, jsch (SUSE-SU-2024:0057-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-4759

high

Tenable Plugins

critical

critical

high

high

high

high