A number of safety vulnerabilities have been disclosed in GitHub Desktop in addition to different Git-related initiatives that, if efficiently exploited, might allow an attacker to realize unauthorized entry to a person’s Git credentials.
“Git implements a protocol known as Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Safety researcher Ry0taK, who found the issues, mentioned in an evaluation revealed Sunday. “Due to improper dealing with of messages, many initiatives have been weak to credential leakage in varied methods.”
The checklist of recognized vulnerabilities is as follows –
- CVE-2025-23040 (CVSS rating: 6.6) – Maliciously crafted distant URLs might result in credential leaks in GitHub Desktop
- CVE-2024-50338 (CVSS rating: 7.4) – Carriage-return character in distant URL permits the malicious repository to leak credentials in Git Credential Supervisor
- CVE-2024-53263 (CVSS rating: 8.5) – Git LFS permits retrieval of credentials through crafted HTTP URLs
- CVE-2024-53858 (CVSS rating: 6.5) – Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts
Whereas the credential helper is designed to return a message containing the credentials which might be separated by the newline management character (“n”), the analysis discovered that GitHub Desktop is prone to a case of carriage return (“r”) smuggling whereby injecting the character right into a crafted URL can leak the credentials to an attacker-controlled host.
“Utilizing a maliciously crafted URL it is potential to trigger the credential request coming from Git to be misinterpreted by Github Desktop such that it’ll ship credentials for a unique host than the host that Git is presently speaking with thereby permitting for secret exfiltration,” GitHub mentioned in an advisory.
An identical weak point has additionally been recognized within the Git Credential Supervisor NuGet bundle, permitting for credentials to be uncovered to an unrelated host. Git LFS, likewise, has been discovered to not test for any embedded management characters, leading to a carriage return line feed (CRLF) injection through crafted HTTP URLs.
Alternatively, the vulnerability impacting GitHub CLI takes benefit of the truth that the entry token is configured to be despatched to hosts apart from github[.]com and ghe[.]com so long as the surroundings variables GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN are set, and CODESPACES is ready to “true” within the case of the latter.
“Whereas each enterprise-related variables should not frequent, the CODESPACES surroundings variable is at all times set to true when operating on GitHub Codespaces,” Ry0taK mentioned. “So, cloning a malicious repository on GitHub Codespaces utilizing GitHub CLI will at all times leak the entry token to the attacker’s hosts.”
Profitable exploitation of the aforementioned flaws might result in a malicious third-party utilizing the leaked authentication tokens to entry privileged assets.
In response to the disclosures, the credential leakage stemming from carriage return smuggling has been handled by the Git mission as a standalone vulnerability (CVE-2024-52006, CVSS rating: 2.1) and addressed in model v2.48.1.
“This vulnerability is expounded to CVE-2020-5260, however depends on conduct the place single carriage return characters are interpreted by some credential helper implementations as newlines,” GitHub software program engineer Taylor Blau mentioned in a publish about CVE-2024-52006.
The newest model additionally patches CVE-2024-50349 (CVSS rating: 2.1), which might be exploited by an adversary to craft URLs containing escape sequences to trick customers into offering their credentials to arbitrary websites.
Customers are suggested to replace to the newest model to guard towards these vulnerabilities. If instant patching shouldn’t be an possibility, the danger related to the issues may be mitigated by avoiding operating git clone with –recurse-submodules towards untrusted repositories. It is also advisable to not use the credential helper by solely cloning publicly accessible repositories.
