Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-h8as-wpes-q7eq
Vulnerability ID VCID-h8as-wpes-q7eq
Aliases CVE-2022-29187
Summary A vulnerability has been found in libgit2 which could result in privilege escalation.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-283 Unverified Ownership
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29187.json
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2022-29187
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Unknown https://security.archlinux.org/AVG-2778
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29187.json
https://api.first.org/data/v1/epss?cve=CVE-2022-29187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41903
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1014848 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014848
2107439 https://bugzilla.redhat.com/show_bug.cgi?id=2107439
AVG-2778 https://security.archlinux.org/AVG-2778
GLSA-202312-15 https://security.gentoo.org/glsa/202312-15
GLSA-202401-17 https://security.gentoo.org/glsa/202401-17
RHSA-2023:2319 https://access.redhat.com/errata/RHSA-2023:2319
RHSA-2023:2859 https://access.redhat.com/errata/RHSA-2023:2859
RHSA-2024:0407 https://access.redhat.com/errata/RHSA-2024:0407
USN-5511-1 https://usn.ubuntu.com/5511-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29187.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.21788
EPSS Score 0.00071
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:01.554215+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202401-17 38.0.0