Monday, May 20, 2024

Vulnerability: Git provides patches for Windows and multi-user systems


Vulnerability reported by the GitHub version control platform on April 12, 2022 in the NIST National Vulnerability Database CVE-2022-24765 describes a potential vulnerability in local Git installations, which may particularly affect Git for Windows and multi-user systems. GitHub itself and its users are not directly affected by this, but the platform still recommends a quick update to the v2.35.2 maintenance release provided by Git.

As the CVE description shows, attackers on multi-user systems could create a .git directory at a shared level above the main working directory. On Windows, this opens the possibility of creating C:\.git\config, for example, so that all Git calls made outside of a repository read the values ​​configured there. Because some configuration variables like core.fsmonitor Git can cause arbitrary commands to be executed, attackers could inject their own commands into the system and trigger them. Git v2.35.2 does not allow switching to a top level git directory when accompanied by a user switch. The necessary deviations from this new behavior can be found in the also new configuration.

another in CVE-2022-24767 The described vulnerability that allows the placement of potentially malicious .dll files affects the Git Uninstaller for Windows. If the uninstaller of a system-Account running in the user’s temporary directory as usual, any authenticated user could inject .dll files into the process, since the default permissions of system allow this for C:\Windows\Temp. Git for Windows v2.35.2 close this gap.

More details about the vulnerabilities can be found in the GitHub Blog as well as in the Git Project Announcement of Maintenance Release v2.35.2which was released at the same time as other patches v2.30.3, v2.31.2, v2.32.1, v2.33.2 and v2.34.2.


to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:


More like this

How to Sell CS:GO Skins for Real Money

CS:GO skins have become not just an ordinary design...

Decoding The Diversity: A Guide To Different Types Of Horse Races

Horse racing reaches 585 million households worldwide, enjoying immense...

Maximizing Efficiency: How Our Cloud Services Revolutionized Operations for Small Businesses

Small businesses constantly seek innovative solutions to streamline operations...

Big Data for Musicians: The Game Changer!

In the dynamic realm of the music industry, Viberate...