// For flags

CVE-2024-32002

Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Severity Score

9.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

41
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Git es un sistema de control de revisiones. Antes de las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4, los repositorios con submódulos se podían manipular de manera que explotaran un error en Git mediante el cual se deja engañar y escribe archivos, no en el árbol de trabajo del submódulo, sino en un directorio `.git/`. Esto permite escribir un enlace que se ejecutará mientras la operación de clonación aún se está ejecutando, sin darle al usuario la oportunidad de inspeccionar el código que se está ejecutando. El problema se solucionó en las versiones 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 y 2.39.4. Si la compatibilidad con enlaces simbólicos está deshabilitada en Git (por ejemplo, mediante `git config --global core.symlinks false`), el ataque descrito no funcionará. Como siempre, es mejor evitar clonar repositorios de fuentes que no sean de confianza.

A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-04-08 CVE Reserved
  • 2024-05-14 CVE Published
  • 2024-05-17 First Exploit
  • 2024-06-27 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (50)
URL Date SRC
https://github.com/amalmurali47/git_rce 2024-05-19
https://github.com/amalmurali47/hook 2024-05-19
https://github.com/bonnettheo/CVE-2024-32002 2024-06-27
https://github.com/WOOOOONG/CVE-2024-32002 2024-05-23
https://github.com/WOOOOONG/hook 2024-05-23
https://github.com/markuta/hooky 2024-05-17
https://github.com/markuta/CVE-2024-32002 2024-05-30
https://github.com/bfengj/CVE-2024-32002-Exploit 2024-05-22
https://github.com/bfengj/CVE-2024-32002-hook 2024-05-22
https://github.com/tiyeume25112004/CVE-2024-32002 2024-07-30
https://github.com/charlesgargasson/CVE-2024-32002 2024-07-30
https://github.com/safebuffer/CVE-2024-32002 2024-05-18
https://github.com/M507/CVE-2024-32002 2024-05-18
https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell 2024-05-21
https://github.com/JJoosh/CVE-2024-32002 2024-05-21
https://github.com/10cks/CVE-2024-32002-EXP 2024-05-23
https://github.com/10cks/CVE-2024-32002-POC 2024-05-23
https://github.com/10cks/CVE-2024-32002-smash 2024-05-23
https://github.com/10cks/CVE-2024-32002-hulk 2024-05-23
https://github.com/10cks/CVE-2024-32002-submod 2024-05-23
https://github.com/10cks/CVE-2024-32002-linux-hulk 2024-05-23
https://github.com/10cks/CVE-2024-32002-linux-submod 2024-05-23
https://github.com/10cks/CVE-2024-32002-linux-smash 2024-05-23
https://github.com/vincepsh/CVE-2024-32002-hook 2024-05-22
https://github.com/vincepsh/CVE-2024-32002 2024-05-22
https://github.com/blackninja23/CVE-2024-32002 2024-07-27
https://github.com/AD-Appledog/CVE-2024-32002 2024-05-31
https://github.com/sanan2004/CVE-2024-32002 2024-08-17
https://github.com/daemon-reconfig/CVE-2024-32002 2024-08-02
https://github.com/YuanlooSec/CVE-2024-32002-poc 2024-05-22
https://github.com/h3xm4n/CVE-2024-32002 2024-07-29
https://github.com/FlojBoj/CVE-2024-32002 2024-08-25
https://github.com/sysonlai/CVE-2024-32002-hook 2024-07-07
https://github.com/1mxml/CVE-2024-32002-poc 2024-05-22
https://github.com/ycdxsb/CVE-2024-32002-hulk 2024-05-22
https://github.com/ycdxsb/CVE-2024-32002-submod 2024-05-22
https://github.com/TSY244/CVE-2024-32002-git-rce 2024-07-20
https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese 2024-06-05
https://github.com/Goplush/CVE-2024-32002-git-rce 2024-05-28
https://github.com/Masamuneee/CVE-2024-32002-POC 2024-09-27
https://github.com/grecosamuel/CVE-2024-32002 2024-10-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
< 2.39.4
Search vendor "Git" for product "Git" and version " < 2.39.4"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
>= 2.40.0 < 2.40.2
Search vendor "Git" for product "Git" and version " >= 2.40.0 < 2.40.2"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
>= 2.42.0 < 2.42.2
Search vendor "Git" for product "Git" and version " >= 2.42.0 < 2.42.2"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
>= 2.43.0 < 2.43.4
Search vendor "Git" for product "Git" and version " >= 2.43.0 < 2.43.4"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
2.41.0
Search vendor "Git" for product "Git" and version "2.41.0"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
2.44.0
Search vendor "Git" for product "Git" and version "2.44.0"
-
Affected
Git
Search vendor "Git"
Git
Search vendor "Git" for product "Git"
2.45.0
Search vendor "Git" for product "Git" and version "2.45.0"
-
Affected