CVE-2022-24765 – Uncontrolled search for the Git directory in Git for Windows
https://notcve.org/view.php?id=CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. • http://seclists.org/fulldisclosure/2022/May/31 http://www.openwall.com/lists/oss-security/2022/04/12/7 https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor • CWE-427: Uncontrolled Search Path Element •
CVE-2022-24975
https://notcve.org/view.php?id=CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk. La documentación --mirror para Git versiones hasta 2.35.1, no menciona la disponibilidad del contenido eliminado, también se conoce como el problema "GitBleed". Esto podría presentar un riesgo de seguridad si los procesos de auditoría de divulgación de información dependen de una operación de clonación sin la opción --mirror • https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191 https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-40330
https://notcve.org/view.php?id=CVE-2021-40330
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. La función git_connect_git en el archivo connect.c en Git versiones anteriores a 2.30.1, permite que la ruta de un repositorio contenga un carácter de nueva línea, que puede resultar en peticiones inesperadas entre protocolos, como es demostrado en la subcadena git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 • https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 https://github.com/git/git/compare/v2.30.0...v2.30.1 https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html •
CVE-2021-21300 – malicious repositories can execute remote code while cloning
https://notcve.org/view.php?id=CVE-2021-21300
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. • https://github.com/AlkenePan/CVE-2021-21300 https://github.com/Maskhe/CVE-2021-21300 https://github.com/1uanWu/CVE-2021-21300 https://github.com/Roboterh/CVE-2021-21300 https://github.com/Saboor-Hakimi-23/CVE-2021-21300 https://github.com/Kirill89/CVE-2021-21300 https://github.com/erranfenech/CVE-2021-21300 https://github.com/fengzhouc/CVE-2021-21300 https://github.com/danshuizhangyu/CVE-2021-21300 https://github.com/Faisal78123/CVE-2021-21300 http://packetstormsecurity. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-11008 – Malicious URLs can still cause Git to send a stored credential to the wrong server
https://notcve.org/view.php?id=CVE-2020-11008
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://seclists.org/fulldisclosure/2020/May/41 https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNW • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •