CVE-2024-32002 - ADO vulnerability?
My organisation have an instance of Azure DevOps Services. I have noticed recently that this vulnerability was opened on GIT: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32002
I am wondering if this vulnerability impacts the version of GIT used within Azure DevOps Services or how I would find out what version of GIT is used with Azure DevOps services?
Thanks in advance
I have tried searching for an answer using a search engine but could not find anything decisive on the version used.
how I would find out what version of GIT is used with Azure DevOps services?
You can check the logs of the checkout task to see which git version is being used.
Regarding the vulnerability, and according to the link you posted:
... problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4
I just ran a pipeline using a Microsoft-hosted agent, and can confirm it is using a patched version:
As per Self-hosted agents, you need to update Git to an patched version.
- Rename file for all commits in a Git repository
- git pull and resolve conflicts
- How to substitute text from files in git history?
- Define git alias with the same name to shadow original command
- Specify extras_require with pip install -e
- How do I rebase my PR without adding commits to it?
- Merge git repo into branch of another repo
- How to correct `git` reporting `detected dubious ownership in repository` without adding `safe.directory` when using WSL?
- Trouble setting up git with my GitHub Account error: could not lock config file
- In a Git repository, how to properly rename a directory?
- Git submodule push
- send-pack: unexpected disconnect while reading sideband packet when pushing to local git server
- Gerrit: configure similarity index threshold (renamed file)
- Git double revert : How to keep original author?
- Gitignore not working
- git submodule deinit not working as expected after submodule url change
- How can I find/identify large commits in Git history?
- How to fix : failed to push some refs to gitlab?
- Gitlab: webhook event on create branch
- Using "x AND y" instead of "x OR y" when using --grep twice in git-log
- Issues with commit message when pre-commit hook changes files
- Unstaged changes left after git reset --hard
- How to clone only a folder from a git submodule?
- How do I checkout a branch ignoring all local changes?
- Include only tracked files with npm publish
- Prevent Pull Request builds from triggering Continuous deployment trigger Azure DevOps Server
- Heroku/Git: protocol error: bad line length character: erro
- Add all files to a commit except a single file?
- Git Bash is extremely slow on Windows 7 x64
- How to delete a git working tree branch when its working directory has been removed?