Git vulnerability in submodules can be exploited to execute malicious code
CVE-2024-32002

9.1CRITICAL

Key Information:

Vendor
Git
Status
Git
Vendor
CVE Published:
14 May 2024

Badges

📈 Trended📈 Score: 9,940👾 Exploit Exists🟡 Public PoC🟣 EPSS 70%📰 News Worthy

What is CVE-2024-32002?

CVE-2024-32002 is a security vulnerability in Git, a widely used revision control system essential for software development. This vulnerability allows attackers to exploit repositories containing submodules, enabling them to execute malicious code without user intervention. As a result, an organization using affected versions of Git could face unauthorized access, data loss, and potential compromise of their development environments. This underscores the importance of maintaining secure coding practices and ensuring that software components are sourced from trusted origins.

Technical Details

The flaw occurs in versions of Git prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. The vulnerability arises from Git's handling of submodules, wherein crafted repositories can trick Git into writing files directly into its .git/ directory instead of the designated submodule's worktree. This enables the execution of a hook during the cloning process, providing no opportunity for users to inspect or analyze the malicious code being executed. Though the issue has been addressed in the patched versions mentioned, it highlights the risks associated with cloning vulnerable repositories.

Impact of the Vulnerability

  1. Remote Code Execution: The vulnerability permits the execution of arbitrary code on the victim's machine without their knowledge, which could lead to severe compromises of the system.

  2. Data Breach Potential: Exploitation of this vulnerability could facilitate unauthorized access to sensitive data within source code repositories or development environments, thereby endangering proprietary code and user information.

  3. Widespread Exploitation Risk: Given that Git is extensively used across numerous software development projects, the ability to execute malicious code through submodule manipulation poses a serious threat, making it a likely target for attackers, including those engaged in ransomware activities.

Affected Version(s)

git = 2.45.0 = 2.45.0

git = 2.44.0 = 2.44.0

git >= 2.43.0, < 2.43.4 < 2.43.0, 2.43.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Critical Vulnerability in Git

Security updates have been released to address a critical vulnerability (CVE-2024-32002) affecting Git. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.1 out of 10.Successful...

PoC Exploit Released for Critical Git RCE Vulnerability

A vulnerability in Git, identified as CVE-2024-32002, has come to light, posing risks to users of the widely used version control system.

Critical Git Vulnerability Let Attackers Execute Remote Code : PoC Published

A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity

References

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

.