Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21284

Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

XMLWordPrintable

    • 9.1
    • Critical
    • CVE-2020-27955

      A remote code exeecution vulnerability was recently discovered in Git LFS:

      https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html

      Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution.

      Please determine if Bamboo is vulnerable. If it is definitively determined not to be affected, please close this as a false positive. If it is vulnerable, please work on remediating the issue.

          Form Name

            [BAM-21284] Git LFS on Windows vulnerable to remote code execution (CVE-2020-27955)

            Eric Franklin (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 847570 ]
            Eric Franklin (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 846154 ]
            Jacek Krawczyk (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 717054 ]
            Jacek Krawczyk (Inactive) made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 717054 ]
            Jacek Krawczyk (Inactive) made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 715529 ]
            Jacek Krawczyk (Inactive) made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 715529 ]
            Security Metrics Bot made changes -
            CVE ID New: CVE-2020-27955
            David Black made changes -
            Remote Link New: This issue links to "Page (Atlassian Documentation)" [ 565139 ]
            Mitchell Johnson made changes -
            Description Original: This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            		New: A remote code exeecution vulnerability was recently discovered in Git LFS:

            https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html

            Vulnerable git clients that clone a malicious repository are vulnerable to remote code execution.

            Please determine if Bamboo is vulnerable. If it is definitively determined not to be affected, please close this as a false positive. If it is vulnerable, please work on remediating the issue.
            Mitchell Johnson made changes -
            Description Original:
            This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            		 New: This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            Security Original: Atlassian Staff [ 10750 ]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: