How severe is CVE-2022-31012?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2022-31012?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2022-31012 - HIGH Severity | CVSS 7.3

Vulnerability Description

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.

Related Vulnerabilities

CVE-2016-0018

HIGH

CVSS:7.3(High)

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ...

CWE-4262016

CVE-2016-10009

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-so...

CWE-4262016

CVE-2016-1014

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain priv...

CWE-4262016

CVE-2017-11657

HIGH

CVSS:7.3(High)

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.

CWE-4262017

CVE-2017-2157

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification...

CWE-4262017

CVE-2017-6189

HIGH

CVSS:7.3(High)

Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working dir...

CWE-4262017