Not to be fixed
Created: Apr 12, 2022
Updated: Jul 3, 2022
Resolved Date: Jul 3, 2022
Found In Version: 10.17.41.1
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when there is a scratch space (`/scratch/`) intended for all users and another user created a repository in /scratch/.git`.
Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user via `/scratch/.git/config`.
CREATE(Triage):(User=admin) CVE-2022-24765 (https://nvd.nist.gov/vuln/detail/CVE-2022-24765)