CVE-2024-32478

{"id": "CVE-2024-32478", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 0.6}]}, "published": "2024-04-19T15:15:50.783", "references": [{"url": "https://github.com/git-ecosystem/git-credential-manager/commit/d9ac33c5b1478383672b4425f5ecf875a62efba9", "source": "security-advisories@github.com"}, {"url": "https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-3c3g-h9rx-f7vq", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.\n"}], "lastModified": "2024-04-19T16:19:49.043", "sourceIdentifier": "security-advisories@github.com"}