A number of security vulnerabilities have been disclosed in GitHub Desktop in addition to different Git-related initiatives that, if efficiently exploited, may allow an attacker to realize unauthorized entry to a consumer’s Git credentials.
“Git implements a protocol known as Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Safety researcher Ry0taK, who found the failings, mentioned in an evaluation revealed Sunday. “Due to improper dealing with of messages, many initiatives had been susceptible to credential leakage in numerous methods.”
The listing of recognized vulnerabilities is as follows –
- CVE-2025-23040 (CVSS rating: 6.6) – Maliciously crafted distant URLs may result in credential leaks in GitHub Desktop
- CVE-2024-50338 (CVSS rating: 7.4) – Carriage-return character in distant URL permits the malicious repository to leak credentials in Git Credential Supervisor
- CVE-2024-53263 (CVSS rating: 8.5) – Git LFS permits retrieval of credentials through crafted HTTP URLs
- CVE-2024-53858 (CVSS rating: 6.5) – Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts
Whereas the credential helper is designed to return a message containing the credentials which can be separated by the newline management character (“n”), the analysis discovered that GitHub Desktop is vulnerable to a case of carriage return (“r”) smuggling whereby injecting the character right into a crafted URL can leak the credentials to an attacker-controlled host.
“Utilizing a maliciously crafted URL it is doable to trigger the credential request coming from Git to be misinterpreted by Github Desktop such that it’ll ship credentials for a special host than the host that Git is at present speaking with thereby permitting for secret exfiltration,” GitHub mentioned in an advisory.
An identical weak point has additionally been recognized within the Git Credential Supervisor NuGet bundle, permitting for credentials to be uncovered to an unrelated host. Git LFS, likewise, has been discovered to not verify for any embedded management characters, leading to a carriage return line feed (CRLF) injection through crafted HTTP URLs.
Alternatively, the vulnerability impacting GitHub CLI takes benefit of the truth that the entry token is configured to be despatched to hosts apart from github[.]com and ghe[.]com so long as the atmosphere variables GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN are set, and CODESPACES is ready to “true” within the case of the latter.
“Whereas each enterprise-related variables are usually not frequent, the CODESPACES atmosphere variable is at all times set to true when operating on GitHub Codespaces,” Ry0taK mentioned. “So, cloning a malicious repository on GitHub Codespaces utilizing GitHub CLI will at all times leak the entry token to the attacker’s hosts.”
Profitable exploitation of the aforementioned flaws may result in a malicious third-party utilizing the leaked authentication tokens to entry privileged sources.
In response to the disclosures, the credential leakage stemming from carriage return smuggling has been handled by the Git undertaking as a standalone vulnerability (CVE-2024-52006, CVSS rating: 2.1) and addressed in model v2.48.1.
“This vulnerability is expounded to CVE-2020-5260, however depends on habits the place single carriage return characters are interpreted by some credential helper implementations as newlines,” GitHub software program engineer Taylor Blau mentioned in a submit about CVE-2024-52006.
The newest model additionally patches CVE-2024-50349 (CVSS rating: 2.1), which may very well be exploited by an adversary to craft URLs containing escape sequences to trick customers into offering their credentials to arbitrary websites.
Customers are suggested to replace to the newest model to guard in opposition to these vulnerabilities. If fast patching shouldn’t be an choice, the chance related to the failings might be mitigated by avoiding operating git clone with –recurse-submodules in opposition to untrusted repositories. It is also really useful to not use the credential helper by solely cloning publicly accessible repositories.
