GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Jan 27, 2025 | Ravie Lakshmanan | Vulnerability / Software Security

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.

"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws, said in an analysis published Sunday. "Due to improper handling of messages, many projects were vulnerable to credential leakage in various ways."

The list of identified vulnerabilities is as follows -

  • CVE-2025-23040 (CVSS score: 6.6) - Maliciously crafted remote URLs could lead to credential leaks in GitHub Desktop
  • CVE-2024-50338 (CVSS score: 7.4) - Carriage-return character in remote URL allows the malicious repository to leak credentials in Git Credential Manager
  • CVE-2024-53263 (CVSS score: 8.5) - Git LFS permits retrieval of credentials via crafted HTTP URLs
  • CVE-2024-53858 (CVSS score: 6.5) - Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts

While the credential helper is designed to return a message containing the credentials that are separated by the newline control character ("\n"), the research found that GitHub Desktop is susceptible to a case of carriage return ("\r") smuggling, whereby injecting the character into a crafted URL can leak the credentials to an attacker-controlled host.

"Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration," GitHub said in an advisory.

A similar weakness has also been identified in the Git Credential Manager NuGet package, allowing credentials to be exposed to an unrelated host. Git LFS, likewise, has been found to not check for any embedded control characters, resulting in a carriage return line feed (CRLF) injection via crafted HTTP URLs.
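The carriage-return smuggling described above comes down to how the helper side splits the credential protocol message into lines. The following Python script is an added example, not code from Git, GitHub Desktop or the researcher: it models a helper that stores one secret per host, feeds it a constructed request in which the real host is followed by a bare carriage return and a second "host=" field, and contrasts a parser that uses Python's splitlines() (which also breaks on CR) with one that splits only on LF and rejects control characters. The host names, the request strings and the credential store are all constructed for the example; the token value is a placeholder.

```python
"""Added example (not code from Git, GitHub Desktop or the researcher): models
the helper side of Git's credential protocol and shows why a parser that treats
a bare carriage return (0x0D) as a line break hands out the wrong credentials."""
import re
from typing import Callable, Dict, Optional

# Constructed sample requests. The protocol is "key=value" lines separated by
# "\n" and terminated by a blank line; this is what Git writes for a normal clone.
CLEAN_REQUEST = "protocol=https\nhost=github.com\n\n"

# If Git is talking to attacker.example and the remote URL carried a raw "\r",
# an unpatched Git forwarded it unchanged, so the helper saw a single protocol
# line that contains a second "host=" after the carriage return (constructed).
SMUGGLED_REQUEST = "protocol=https\nhost=attacker.example\rhost=github.com\n\n"

# Constructed credential store; the value is a placeholder, not a real token.
STORE: Dict[str, str] = {"github.com": "PLACEHOLDER_GITHUB_TOKEN"}

CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def parse_naive(message: str) -> Dict[str, str]:
    """Vulnerable pattern: str.splitlines() also breaks on CR, so the smuggled
    host field becomes its own line and overwrites the real host."""
    fields: Dict[str, str] = {}
    for line in message.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value  # last value wins
    return fields


def parse_strict(message: str) -> Dict[str, str]:
    """Hardened pattern: split only on LF, which is the separator the protocol
    defines, and reject any key or value that still carries a control character."""
    fields: Dict[str, str] = {}
    for line in message.split("\n"):
        if line == "":
            break  # blank line terminates the request
        if "=" not in line:
            raise ValueError(f"malformed protocol line {line!r}")
        key, value = line.split("=", 1)
        if CONTROL.search(key) or CONTROL.search(value):
            raise ValueError(f"control character in field {key!r}")
        fields[key] = value
    return fields


def helper_lookup(message: str, parse: Callable[[str], Dict[str, str]]) -> Optional[str]:
    """What a helper does: parse the request and return the stored secret for
    the host it believes Git is talking to. None means nothing is returned."""
    try:
        fields = parse(message)
    except ValueError:
        return None
    return STORE.get(fields.get("host", ""))


if __name__ == "__main__":
    # The naive helper returns the github.com token for a request whose real
    # host is attacker.example; Git would then send that token to attacker.example.
    print("naive :", helper_lookup(SMUGGLED_REQUEST, parse_naive))
    print("strict:", helper_lookup(SMUGGLED_REQUEST, parse_strict))
```

The fix in Git v2.48.1 closes the same gap one layer earlier, by refusing to forward URLs containing carriage returns to the helper at all; a helper should still treat LF as the only line separator and reject control characters, since Git is not the only process that may write to it.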

The vulnerability impacting GitHub CLI, on the other hand, takes advantage of the fact that the access token is configured to be sent to hosts other than github[.]com and ghe[.]com as long as the environment variables GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN are set, and, in the case of the latter, CODESPACES is set to "true".

"While both enterprise-related variables are not common, the CODESPACES environment variable is always set to true when running on GitHub Codespaces," Ry0taK said. "So, cloning a malicious repository on GitHub Codespaces using GitHub CLI will always leak the access token to the attacker's hosts."

Successful exploitation of the aforementioned flaws could lead to a malicious third party using the leaked authentication tokens to access privileged resources.

In response to the disclosures, the credential leakage stemming from carriage return smuggling has been treated by the Git project as a standalone vulnerability (CVE-2024-52006, CVSS score: 2.1) and addressed in version v2.48.1.

"This vulnerability is related to CVE-2020-5260, but relies on behavior where single carriage return characters are interpreted by some credential helper implementations as newlines," GitHub software engineer Taylor Blau said in a post about CVE-2024-52006.

The latest version also patches CVE-2024-50349 (CVSS score: 2.1), which could be exploited by an adversary to craft URLs containing escape sequences to trick users into providing their credentials to arbitrary sites.

Users are advised to update to the latest version to protect against these vulnerabilities. If immediate patching is not an option, the risk associated with the flaws can be mitigated by avoiding running git clone with --recurse-submodules against untrusted repositories. It's also recommended not to use the credential helper by only cloning publicly accessible repositories.
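For teams that cannot patch immediately, the "don't recurse into untrusted submodules" advice can be turned into a check that runs before the clone. The following Python script is an added example, not part of Git, GitHub CLI or the article: it parses a repository's .gitmodules, and for each submodule URL flags raw or percent-encoded control characters (the carriage return and escape sequence cases above), unexpected schemes, and hosts outside a small allowlist, so that a recursive clone is only attempted when every submodule points where you expect. The .gitmodules content, the host names and the TRUSTED_HOSTS allowlist are constructed for the example.

```python
"""Added example (not part of Git, GitHub CLI or the article): a pre-clone
audit of a repository's .gitmodules, to decide whether a clone with
--recurse-submodules would contact hosts outside the ones you expect or
would hand Git a URL carrying control characters. Names and the sample
file are constructed for the example."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Hosts a GitHub token is allowed to reach (constructed allowlist; adapt it).
TRUSTED_HOSTS = {"github.com", "ghe.com"}

CONTROL = re.compile(r"[\x00-\x1f\x7f]")                     # raw control bytes, CR and ESC included
PERCENT_CONTROL = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])")  # the same, percent-encoded
SCP_LIKE = re.compile(r"^[\w.-]+@([\w.-]+):")                # git@host:path form has no scheme

# Constructed .gitmodules: one clean entry, one foreign host, one encoded CR.
SAMPLE_GITMODULES = (
    '[submodule "vendor/lib"]\n'
    "\tpath = vendor/lib\n"
    "\turl = https://github.com/example-org/lib.git\n"
    '[submodule "tools"]\n'
    "\tpath = tools\n"
    "\turl = https://git.attacker.example/tools.git\n"
    '[submodule "odd"]\n'
    "\tpath = odd\n"
    "\turl = https://github.com/example-org/x%0dhost=github.com/\n"
)


def parse_gitmodules(text: str) -> List[Tuple[str, str]]:
    """Return (submodule name, url) pairs. Split on LF only so that a raw CR
    inside a URL survives into the value and gets flagged by check_url."""
    entries: List[Tuple[str, str]] = []
    name = None
    for raw in text.split("\n"):
        line = raw.strip()
        section = re.match(r'\[submodule\s+"([^"]+)"\]', line)
        if section:
            name = section.group(1)
            continue
        key, _, value = line.partition("=")
        if name is not None and key.strip() == "url":
            entries.append((name, value.strip()))
    return entries


def check_url(url: str) -> List[str]:
    """Reasons this URL should block an unattended recursive clone ([] = fine)."""
    problems: List[str] = []
    # Check the raw string first: urlsplit() in current Python silently drops
    # CR, LF and TAB, so a check after parsing would never see them.
    if CONTROL.search(url):
        problems.append("raw control character in URL")
    if PERCENT_CONTROL.search(url):
        problems.append("percent-encoded control character in URL")
    scp = SCP_LIKE.match(url)
    if scp:
        scheme, host = "ssh", scp.group(1).lower()
    else:
        parts = urlsplit(url)
        scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if scheme not in ("https", "ssh"):
        problems.append(f"unexpected scheme {scheme!r}")
    if host not in TRUSTED_HOSTS:
        problems.append(f"host {host!r} is not in the trusted set")
    return problems


def audit(text: str) -> Dict[str, List[str]]:
    """Map each submodule name to its list of problems."""
    return {name: check_url(url) for name, url in parse_gitmodules(text)}


def safe_to_recurse(text: str) -> bool:
    """True only when every submodule URL passed every check."""
    return all(not problems for problems in audit(text).values())


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_GITMODULES).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
    print("safe for --recurse-submodules:", safe_to_recurse(SAMPLE_GITMODULES))
```

Fetch the .gitmodules file on its own (for example from the hosting site's raw file view) and run the audit on it before deciding whether to clone recursively; it is a stopgap for the recursive-clone path and does not replace updating Git, GitHub Desktop, Git Credential Manager, Git LFS and GitHub CLI.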
