Multiple vulnerabilities in Git for Windows
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-22743 CVE-2023-23618 CVE-2023-22490 CVE-2023-23946 |
| CWE-ID | CWE-426 CWE-59 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Git for Windows Other software / Other software solutions |
| Vendor | Git for Windows |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU72244
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22743
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker co compromise the affected system.
The vulnerability exists due to insecure loading of .dll libraries in Git for Windows installer. A remote attacker can place a malicious DLL file into a subdirectory of a specific name next to the Git for Windows installer (e.g. into a download folder) and execute it on the system by tricking the victim to launch the Git for Windows installer from that directory.
Install updates from vendor's website.
Vulnerable software versionsGit for Windows: 2.39.0 - 2.39.1.1
External linkshttp://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq
http://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
http://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Untrusted search path
EUVDB-ID: #VU72243
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23618
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to "gitk" on Windows executes binaries from the current working directory. A remote attacker can trick the victim into placing a malicious binary into the working directory using social engineering and trick users into running untrusted code.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGit for Windows: 2.39.0 - 2.39.1.1
External linkshttp://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm
http://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c
http://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Link following
EUVDB-ID: #VU72246
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22490
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insecure processing of symbolic links when using local clone optimization. Git will abort local clones whose source `$GIT_DIR/objects` directory
contains symbolic links, however the `objects` directory itself may still be a
symbolic link. A remote attacker can trick the victim into using the local clone optimization to exfiltrate arbitrary files from the victim's system.
Install updates from vendor's website.
Vulnerable software versionsGit for Windows: 2.3.0.1 - 2.39.1.1
External linkshttp://github.com/git-for-windows/git/releases/tag/v2.35.7.windows.1
http://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU72245
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23946
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to application allows to overwrite files outside the working tree via the "git apply" command. A remote attacker can trick the victim to run the affected command against a malicious or compromised repository and overwrite arbitrary files on the system.
Install updates from vendor's website.
Vulnerable software versionsGit for Windows: 2.3.0.1 - 2.39.1.1
External linkshttp://github.com/git-for-windows/git/releases/tag/v2.35.7.windows.1
http://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
