CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50338 – Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
https://notcve.org/view.php?id=CVE-2024-50338
14 Jan 2025 — Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of c... • https://git-scm.com/docs/git-credential#IOFMT • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32478 – Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files
https://notcve.org/view.php?id=CVE-2024-32478
19 Apr 2024 — Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0. Git Credential Manager (GCM) es un asistente seguro de credenciales Git. • https://github.com/git-ecosystem/git-credential-manager/commit/d9ac33c5b1478383672b4425f5ecf875a62efba9 • CWE-732: Incorrect Permission Assignment for Critical Resource •