CVE-2024-32002
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Descriptions
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.
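As an added example (not part of the advisory or of Git itself), a POSIX shell check that classifies an installed Git version against the fixed releases listed in the description and reports whether the `core.symlinks` workaround is set; the version-range logic is derived from the advisory's list, and the hypothetical `git_is_patched` and `report_local_git` function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a Git version against the
# fixed releases listed in the description and report the symlink mitigation.

# Fixed releases named in the advisory: 2.39.4, 2.40.2, 2.41.1, 2.42.2,
# 2.43.4, 2.44.1, 2.45.1. A version at or above the fix within its minor
# series, or in a later series, is treated as patched (exit 0); else exit 1.
git_is_patched() {
  ver=$1
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}
  case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
  # Keep only the leading digits of the patch field so that vendor suffixes
  # such as "2.45.1.windows.1" or "2.45.1-rc0" are classified correctly.
  patch=${patch%%.*}; patch=${patch%%[!0-9]*}; patch=${patch:-0}
  if [ "$major" -gt 2 ]; then return 0; fi
  if [ "$major" -lt 2 ]; then return 1; fi
  case $minor in
    39) [ "$patch" -ge 4 ] ;;
    40) [ "$patch" -ge 2 ] ;;
    41) [ "$patch" -ge 1 ] ;;
    42) [ "$patch" -ge 2 ] ;;
    43) [ "$patch" -ge 4 ] ;;
    44) [ "$patch" -ge 1 ] ;;
    45) [ "$patch" -ge 1 ] ;;
    *)  [ "$minor" -gt 45 ] ;;
  esac
}

# Report on the git found in PATH: patch status, plus whether the advisory's
# workaround (core.symlinks=false) is set globally. Skipped if git is absent.
report_local_git() {
  command -v git >/dev/null 2>&1 || { echo "git not found in PATH"; return 0; }
  ver=$(git --version | awk '{print $3}')   # "git version X.Y.Z" -> X.Y.Z
  if git_is_patched "$ver"; then
    echo "git $ver: carries the fix for CVE-2024-32002"
  else
    echo "git $ver: vulnerable to CVE-2024-32002, upgrade to a fixed release"
  fi
  symlinks=$(git config --global --get core.symlinks 2>/dev/null || true)
  if [ "$symlinks" = "false" ]; then
    echo "core.symlinks=false: the symlink-based write into .git/ is blocked"
  else
    echo "core.symlinks not disabled (workaround: git config --global core.symlinks false)"
  fi
}

report_local_git
```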
SSVC
- Decision: Attend
Timeline
- 2024-04-08 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-17 First Exploit
- 2024-06-27 EPSS Updated
- 2024-08-02 CVE Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (50)
URL | Date | SRC
---|---|---
https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d | 2024-06-26 |
https://access.redhat.com/security/cve/CVE-2024-32002 | 2024-09-11 |
https://bugzilla.redhat.com/show_bug.cgi?id=2280421 | 2024-09-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Git | Git | < 2.39.4 | - | Affected
Git | Git | >= 2.40.0 < 2.40.2 | - | Affected
Git | Git | >= 2.42.0 < 2.42.2 | - | Affected
Git | Git | >= 2.43.0 < 2.43.4 | - | Affected
Git | Git | 2.41.0 | - | Affected
Git | Git | 2.44.0 | - | Affected
Git | Git | 2.45.0 | - | Affected