CVE-2025-22620

Published Jan 20, 2025

Last updated a month ago

CVSS medium 5.0

Overview

Description
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5
Impact score
3.6
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-281

Social media

Hype score
Not currently trending

  1. CVE-2025-22620 gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending tha… https://t.co/aI9rBditPl

    @CVEnew

    20 Jan 2025

    454 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References