Alpine: multiple git packages, multiple perl-git packages: security update to 2.37.1-r0

high Tenable Self-Hosted Container Security Plugin ID 423963

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4,
2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An
unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when
navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a
git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a
patch for this issue. The simplest way to avoid being affected by the exploit described in the example is
to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a
minimum. While a generic workaround is not possible, a system could be hardened from the exploit described
in the example by removing any such repository if it exists already and creating one as root to block any
future attacks. (CVE-2022-29187)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-29187

Plugin Details

Severity: High

ID: 423963

Version: Revision 1.9

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29187

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/12/2022

Reference Information

CVE: CVE-2022-29187