SB2023021528 - Multiple vulnerabilities in Git for Windows
Published: February 15, 2023
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2023-22743)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure loading of DLL libraries by the Git for Windows installer. A remote attacker can place a malicious DLL in a subdirectory with a specific name next to the Git for Windows installer (for example, in the user's download folder) and have it executed on the system by tricking the victim into launching the installer from that directory. Launching the installer from a freshly created, empty directory avoids the attack, since the DLL has to sit beside the installer.
2) Untrusted search path (CVE-ID: CVE-2023-23618)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because "gitk" on Windows executes binaries found in the current working directory. A remote attacker can use social engineering to trick the victim into placing a malicious binary in the working directory and then running gitk there, which executes the untrusted code with the victim's privileges.
3) Link following (CVE-ID: CVE-2023-22490)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insecure processing of symbolic links in the local clone optimization (used for `git clone --local` and for plain clones of a local path). Git aborts a local clone when the source `$GIT_DIR/objects` directory contains symbolic links, but it did not check whether the `objects` directory itself is a symbolic link. A remote attacker can trick the victim into cloning a crafted repository with the local clone optimization and thereby copy arbitrary files from the victim's system into the resulting clone, from where they can be exfiltrated.
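The check Git's fix adds is small: the source object store must not be a symlink and must not contain one. The following is an added example (not Git's own code) that applies that rule as a pre-flight check before a local clone. It needs no git binary: only the directory layout matters, and the repository layouts it builds under a temporary directory are constructed for the demonstration, with a `secrets` directory standing in for a sensitive target such as `~/.ssh`.

```python
"""Pre-flight check for local clones (CVE-2023-22490), added example only."""
import os
import tempfile


def object_dir(repo: str) -> str:
    """Locate $GIT_DIR/objects for a working-tree repo or a bare repo.

    Symlinks are deliberately not followed. A `.git` that is itself a symlink,
    or a gitfile (`.git` as a regular file, used by worktrees and submodules),
    is outside what this check handles and is reported as unsafe.
    """
    dot_git = os.path.join(repo, ".git")
    if os.path.islink(dot_git):
        raise ValueError(f"{dot_git} is a symbolic link")
    if os.path.isdir(dot_git):
        return os.path.join(dot_git, "objects")
    if os.path.isfile(dot_git):
        raise ValueError(f"{dot_git} is a gitfile; not handled by this check")
    return os.path.join(repo, "objects")  # bare repository layout


def find_symlinks_in_object_store(repo: str) -> list:
    """Return every path under $GIT_DIR/objects that is a symbolic link.

    The `objects` directory itself is included when it is a link; that is the
    case Git's own pre-fix check missed.
    """
    objects = object_dir(repo)
    if os.path.islink(objects):
        return [objects]
    if not os.path.isdir(objects):
        raise ValueError(f"{objects} does not exist")
    found = []
    # followlinks=False: a directory symlink is listed in dirnames but never
    # descended into, so we inspect both dirnames and filenames.
    for dirpath, dirnames, filenames in os.walk(objects, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                found.append(path)
    return sorted(found)


def local_clone_is_safe(repo: str) -> bool:
    """True only if the object store contains no symbolic links at all."""
    try:
        return not find_symlinks_in_object_store(repo)
    except ValueError:
        return False


def build_demo(root: str) -> dict:
    """Construct three minimal repository layouts under `root` (constructed
    demo data, not real repositories)."""
    target = os.path.join(root, "secrets")  # stands in for ~/.ssh, /etc, ...
    os.makedirs(target)

    clean = os.path.join(root, "clean")
    os.makedirs(os.path.join(clean, ".git", "objects", "pack"))

    # The CVE case: `objects` itself is a symlink pointing outside the repo.
    evil = os.path.join(root, "evil")
    os.makedirs(os.path.join(evil, ".git"))
    os.symlink(target, os.path.join(evil, ".git", "objects"))

    # The case Git already rejected: a symlink *inside* `objects`.
    inner = os.path.join(root, "inner")
    os.makedirs(os.path.join(inner, ".git", "objects"))
    os.symlink(target, os.path.join(inner, ".git", "objects", "pack"))
    return {"clean": clean, "evil": evil, "inner": inner}


def demo() -> dict:
    """Build the layouts in a temp dir and run the check on each."""
    with tempfile.TemporaryDirectory() as root:
        repos = build_demo(root)
        return {
            name: {
                "safe": local_clone_is_safe(path),
                "links": [os.path.relpath(p, path)
                          for p in find_symlinks_in_object_store(path)],
            }
            for name, path in repos.items()
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: safe={result['safe']} links={result['links']}")
```

Run this against a repository path before cloning it locally; a non-empty `links` list means the clone would copy or hardlink whatever the link points at into the new repository.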
4) Link following (CVE-ID: CVE-2023-23946)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists because `git apply` can be made to write files outside the working tree by writing through a symbolic link. A remote attacker can trick the victim into running the affected command on a patch from a malicious or compromised repository and overwrite arbitrary files on the system as the user running `git apply`.
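A patch can only reach outside the working tree this way if some leading path component of a written file is a symlink, and a patch that brings its own symlink carries the evidence in its headers: a `new file mode 120000` entry followed by a later entry whose path lies beneath it. The scanner below is an added example, not Git's own code, that flags exactly that pattern in the patch text before it reaches `git apply`. It cannot see symlinks that already exist in the tree, so it complements rather than replaces the updated Git. The patch it scans is constructed for the demonstration; the `escape` and `owned.txt` names and the `index` hashes are made up.

```python
"""Static scan of a patch for writes behind a symlink it creates
(CVE-2023-23946), added example only."""
import re
from typing import List, Tuple

DIFF_HEADER = re.compile(r"^diff --git a/(?P<a>.+?) b/(?P<b>.+)$")
NEW_MODE = re.compile(r"^new file mode (?P<mode>\d+)$")
RENAME_TO = re.compile(r"^rename to (?P<path>.+)$")
NEW_PATH = re.compile(r"^\+\+\+ b/(?P<path>.+)$")

SYMLINK_MODE = "120000"  # git's mode for a symbolic link entry


def _under(path: str, prefix: str) -> bool:
    """True if `path` lies beneath directory `prefix`."""
    return path.startswith(prefix + "/")


def find_symlink_writes(patch: str) -> List[Tuple[str, str]]:
    """Return (written_path, symlink_path) pairs for every file the patch
    writes beneath a symbolic link that the same patch created earlier."""
    created_links: List[str] = []
    findings: List[Tuple[str, str]] = []
    current_b = None        # destination path of the entry being parsed
    current_is_link = False  # whether that entry creates a symlink
    for line in patch.splitlines():
        m = DIFF_HEADER.match(line)
        if m:
            current_b = m.group("b")
            current_is_link = False
            continue
        m = NEW_MODE.match(line)
        if m and m.group("mode") == SYMLINK_MODE and current_b is not None:
            current_is_link = True
            created_links.append(current_b)
            continue
        # Paths the entry writes: the `+++ b/` header, or a rename target.
        written = None
        m = NEW_PATH.match(line) or RENAME_TO.match(line)
        if m:
            written = m.group("path")
        if written is None or current_is_link:
            continue  # nothing written, or it is the link's own content
        for link in created_links:
            if _under(written, link):
                findings.append((written, link))
    return findings


def is_patch_safe(patch: str) -> bool:
    """True when no write lands behind a symlink created by the patch."""
    return not find_symlink_writes(patch)


# Constructed demo patch: entry 1 creates a symlink `escape -> /tmp`,
# entry 2 then "creates" escape/owned.txt, which would land in /tmp.
DEMO_PATCH = """\
diff --git a/escape b/escape
new file mode 120000
index 0000000..deadbee
--- /dev/null
+++ b/escape
@@ -0,0 +1 @@
+/tmp
\\ No newline at end of file
diff --git a/escape/owned.txt b/escape/owned.txt
new file mode 100644
index 0000000..cafebab
--- /dev/null
+++ b/escape/owned.txt
@@ -0,0 +1 @@
+written outside the working tree
diff --git a/README b/README
new file mode 100644
index 0000000..1234567
--- /dev/null
+++ b/README
@@ -0,0 +1 @@
+harmless
"""

# The same patch with the offending entry removed.
CLEAN_PATCH = "\n".join(
    line for line in DEMO_PATCH.splitlines()
    if "owned.txt" not in line and "outside the working tree" not in line
) + "\n"


if __name__ == "__main__":
    for written, link in find_symlink_writes(DEMO_PATCH):
        print(f"REJECT: {written} is written behind symlink {link}")
    print("clean patch safe:", is_patch_safe(CLEAN_PATCH))
```

The order matters: a write that precedes the symlink's creation in the patch is not flagged, because `git apply` would have created a real directory for it first. A patch that deletes the link and re-creates the path as a directory in between is not modelled here.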
Remediation
Install the update from the vendor's website: Git for Windows v2.39.2.windows.1, or a backport release for an older line such as v2.35.7.windows.1 (both linked below). Verify with `git --version` after installing.
References
- https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq
- https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
- https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm
- https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c
- https://github.com/git-for-windows/git/releases/tag/v2.35.7.windows.1