CVE-2023-29007
Arbitrary configuration injection via `git submodule deinit`
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-03-29 CVE Reserved
- 2023-04-25 CVE Published
- 2023-04-26 First Exploit
- 2024-08-02 CVE Updated
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (12)
| URL | Date | SRC |
|---|---|---|
| https://github.com/ethiack/CVE-2023-29007 | 2023-04-26 | |
| https://github.com/omespino/CVE-2023-29007 | 2023-05-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4 | 2024-02-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | < 2.30.9 Search vendor "Git-scm" for product "Git" and version " < 2.30.9" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.31.0 < 2.31.8 Search vendor "Git-scm" for product "Git" and version " >= 2.31.0 < 2.31.8" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.32.0 < 2.32.7 Search vendor "Git-scm" for product "Git" and version " >= 2.32.0 < 2.32.7" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.33.0 < 2.33.8 Search vendor "Git-scm" for product "Git" and version " >= 2.33.0 < 2.33.8" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.34.0 < 2.34.8 Search vendor "Git-scm" for product "Git" and version " >= 2.34.0 < 2.34.8" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.35.0 < 2.35.8 Search vendor "Git-scm" for product "Git" and version " >= 2.35.0 < 2.35.8" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.36.0 < 2.36.5 Search vendor "Git-scm" for product "Git" and version " >= 2.36.0 < 2.36.5" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.37.0 < 2.37.7 Search vendor "Git-scm" for product "Git" and version " >= 2.37.0 < 2.37.7" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.38.0 < 2.38.5 Search vendor "Git-scm" for product "Git" and version " >= 2.38.0 < 2.38.5" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | >= 2.39.0 < 2.39.3 Search vendor "Git-scm" for product "Git" and version " >= 2.39.0 < 2.39.3" | - |
Affected
| ||||||
| Git-scm Search vendor "Git-scm" | Git Search vendor "Git-scm" for product "Git" | 2.40.0 Search vendor "Git-scm" for product "Git" and version "2.40.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||