Wednesday, December 4, 2024

Vulnerability: Git provides patches for Windows and multi-user systems

Date:

Vulnerability reported by the GitHub version control platform on April 12, 2022 in the NIST National Vulnerability Database CVE-2022-24765 describes a potential vulnerability in local Git installations, which may particularly affect Git for Windows and multi-user systems. GitHub itself and its users are not directly affected by this, but the platform still recommends a quick update to the v2.35.2 maintenance release provided by Git.

As the CVE description shows, attackers on multi-user systems could create a .git directory at a shared level above the main working directory. On Windows, this opens the possibility of creating C:\.git\config, for example, so that all Git calls made outside of a repository read the values ​​configured there. Because some configuration variables like core.fsmonitor Git can cause arbitrary commands to be executed, attackers could inject their own commands into the system and trigger them. Git v2.35.2 does not allow switching to a top level git directory when accompanied by a user switch. The necessary deviations from this new behavior can be found in the also new safe.directory-Set configuration.

another in CVE-2022-24767 The described vulnerability that allows the placement of potentially malicious .dll files affects the Git Uninstaller for Windows. If the uninstaller of a system-Account running in the user’s temporary directory as usual, any authenticated user could inject .dll files into the process, since the default permissions of system allow this for C:\Windows\Temp. Git for Windows v2.35.2 close this gap.

More details about the vulnerabilities can be found in the GitHub Blog as well as in the Git Project Announcement of Maintenance Release v2.35.2which was released at the same time as other patches v2.30.3, v2.31.2, v2.32.1, v2.33.2 and v2.34.2.


(Map)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

Practice Acrylic Nail Techniques Without Needing a Fake Hand

When you're starting your journey with acrylic nails, practice...

Inside the World of Common Snapping Turtles: Behavior and Habitat

The common snapping turtle (Chelydra serpentina) is one of...

How to Use Video Marketing to Promote B2C Products?

Video marketing has emerged as a powerful tool for...

Adapting to Change: The Future for Leopard Tortoise Environments

Leopard tortoises, known for their striking spotted shells and...