Git vulnerability in submodules can be exploited to execute malicious code
CVE-2024-32002
Key Information:
- Vendor: Git
- CVE Published: 14 May 2024
What is CVE-2024-32002?
CVE-2024-32002 is a security vulnerability in Git, a widely used revision control system essential for software development. This vulnerability allows attackers to exploit repositories containing submodules, enabling them to execute malicious code without user intervention. As a result, an organization using affected versions of Git could face unauthorized access, data loss, and potential compromise of their development environments. This underscores the importance of maintaining secure coding practices and ensuring that software components are sourced from trusted origins.
Technical Details
The flaw occurs in versions of Git prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. The vulnerability arises from Git's handling of submodules, wherein crafted repositories can trick Git into writing files directly into its .git/ directory instead of the designated submodule's worktree. This enables the execution of a hook during the cloning process, providing no opportunity for users to inspect or analyze the malicious code being executed. Though the issue has been addressed in the patched versions mentioned, it highlights the risks associated with cloning vulnerable repositories.
Impact of the Vulnerability
- Remote Code Execution: The vulnerability permits the execution of arbitrary code on the victim's machine without their knowledge, which could lead to severe compromises of the system.
- Data Breach Potential: Exploitation of this vulnerability could facilitate unauthorized access to sensitive data within source code repositories or development environments, thereby endangering proprietary code and user information.
- Widespread Exploitation Risk: Given that Git is extensively used across numerous software development projects, the ability to execute malicious code through submodule manipulation poses a serious threat, making it a likely target for attackers, including those engaged in ransomware activities.
Affected Version(s)
- git = 2.45.0
- git = 2.44.0
- git >= 2.43.0, < 2.43.4
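Since the remediation is to move to one of the fixed releases named in the technical details, the following POSIX shell function, added here as an illustration and not taken from SecurityVulnerability.io or the Git project, classifies a Git version string against those fixed releases. It accepts either a bare version or the full `git --version` banner, and it assumes that maintenance lines older than 2.39 received no backported fix, so anything below 2.39.0 is reported as `unpatched`.

```shell
#!/bin/sh
# Added example: classify a Git version against the CVE-2024-32002 fixed releases
# named in the advisory (2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4).
# Prints one of: patched | vulnerable | unpatched | unknown. Always returns 0 so
# the function is safe inside command substitution under `set -e`.
# Assumption: Git 2.x lines older than 2.39 got no backported fix -> "unpatched".

git_cve_2024_32002_status() {
  ver=${1#git version }                 # accept the raw "git --version" banner too
  oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
  major=$1; minor=$2; patch=${3:-0}     # "2.45.1.windows.1" -> 2 45 1 (extra fields ignored)

  # Reject anything that is not three numeric components.
  for n in "$major" "$minor" "$patch"; do
    case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
  done
  [ "$major" -eq 2 ] || { echo unknown; return 0; }

  # First patch level on each maintenance line that contains the fix.
  case "$minor" in
    45) fix=1 ;;
    44) fix=1 ;;
    43) fix=4 ;;
    42) fix=2 ;;
    41) fix=1 ;;
    40) fix=2 ;;
    39) fix=4 ;;
    *)
      # 2.46+ was released after the fix; anything below 2.39 never received it (assumption).
      if [ "$minor" -gt 45 ]; then echo patched; else echo unpatched; fi
      return 0 ;;
  esac

  if [ "$patch" -ge "$fix" ]; then echo patched; else echo vulnerable; fi
  return 0
}

# Usage: report on the Git binary installed on this host, if there is one.
if command -v git >/dev/null 2>&1; then
  echo "$(git --version): $(git_cve_2024_32002_status "$(git --version)")"
fi
```

Because the fix was backported to several maintenance lines at once, a plain "is my version older than 2.45.1" comparison misclassifies a patched 2.43.4 as vulnerable; the per-line lookup above is what an inventory or compliance script needs.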
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Critical Vulnerability in Git
Security updates have been released to address a critical vulnerability (CVE-2024-32002) affecting Git. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.1 out of 10. Successful...

PoC Exploit Released for Critical Git RCE Vulnerability
A vulnerability in Git, identified as CVE-2024-32002, has come to light, posing risks to users of the widely used version control system.

Critical Git Vulnerability Let Attackers Execute Remote Code: PoC Published
A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity
References
EPSS Score
70% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by prophaze.com
- Vulnerability published
- Vulnerability Reserved