A number of safety vulnerabilities have been disclosed in GitHub Desktop in addition to different Git-related tasks that, if efficiently exploited, might allow an attacker to realize unauthorized entry to a consumer’s Git credentials.
“Git implements a protocol referred to as Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Safety researcher Ry0taK, who found the failings, stated in an evaluation revealed Sunday. “Due to improper dealing with of messages, many tasks have been weak to credential leakage in numerous methods.”
The checklist of recognized vulnerabilities is as follows –
- CVE-2025-23040 (CVSS rating: 6.6) – Maliciously crafted distant URLs might result in credential leaks in GitHub Desktop
- CVE-2024-50338 (CVSS rating: 7.4) – Carriage-return character in distant URL permits the malicious repository to leak credentials in Git Credential Supervisor
- CVE-2024-53263 (CVSS rating: 8.5) – Git LFS permits retrieval of credentials through crafted HTTP URLs
- CVE-2024-53858 (CVSS rating: 6.5) – Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts
Whereas the credential helper is designed to return a message containing the credentials which can be separated by the newline management character (“n”), the analysis discovered that GitHub Desktop is prone to a case of carriage return (“r”) smuggling whereby injecting the character right into a crafted URL can leak the credentials to an attacker-controlled host.
“Utilizing a maliciously crafted URL it is doable to trigger the credential request coming from Git to be misinterpreted by Github Desktop such that it’ll ship credentials for a unique host than the host that Git is at the moment speaking with thereby permitting for secret exfiltration,” GitHub stated in an advisory.
The same weak point has additionally been recognized within the Git Credential Supervisor NuGet bundle, permitting for credentials to be uncovered to an unrelated host. Git LFS, likewise, has been discovered to not test for any embedded management characters, leading to a carriage return line feed (CRLF) injection through crafted HTTP URLs.
Alternatively, the vulnerability impacting GitHub CLI takes benefit of the truth that the entry token is configured to be despatched to hosts aside from github[.]com and ghe[.]com so long as the surroundings variables GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN are set, and CODESPACES is ready to “true” within the case of the latter.
“Whereas each enterprise-related variables are usually not widespread, the CODESPACES surroundings variable is all the time set to true when operating on GitHub Codespaces,” Ry0taK stated. “So, cloning a malicious repository on GitHub Codespaces utilizing GitHub CLI will all the time leak the entry token to the attacker’s hosts.”
Profitable exploitation of the aforementioned flaws might result in a malicious third-party utilizing the leaked authentication tokens to entry privileged sources.
In response to the disclosures, the credential leakage stemming from carriage return smuggling has been handled by the Git challenge as a standalone vulnerability (CVE-2024-52006, CVSS rating: 2.1) and addressed in model v2.48.1.
“This vulnerability is said to CVE-2020-5260, however depends on conduct the place single carriage return characters are interpreted by some credential helper implementations as newlines,” GitHub software program engineer Taylor Blau stated in a submit about CVE-2024-52006.
The most recent model additionally patches CVE-2024-50349 (CVSS rating: 2.1), which may very well be exploited by an adversary to craft URLs containing escape sequences to trick customers into offering their credentials to arbitrary websites.
Customers are suggested to replace to the most recent model to guard in opposition to these vulnerabilities. If instant patching isn’t an choice, the danger related to the failings might be mitigated by avoiding operating git clone with –recurse-submodules in opposition to untrusted repositories. It is also really helpful to not use the credential helper by solely cloning publicly obtainable repositories.