Untrusted search path in Git for Windows - CVE-2023-29012

Vulnerability identifier: #VU75483

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-29012

CWE-ID: CWE-426

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Git for Windows

Software vendor:
Git for Windows

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure implementation of the Git CMD function, which automatically searches and  executes the doskey.exe file from the current working directory. A remote attacker can trick the victim into placing a malicious file and tricking the victim into executing the CMD command in the directory with malicious file.

Install updates from vendor's website.

• https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g
• https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1