The vulnerability allows for remote code execution (RCE) during the cloning of repositories with submodules, and proof-of-concept (PoC) exploits have already been released, raising concerns within the cybersecurity community, a tweet by ThreatMon.
🚨 GIT CVE-2024-32002 RCE ExploitThe CVE-2024-32002 exploit, a vulnerability in GIT (Version Control System) open to remote access, has been disclosed. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules could be created… pic.twitter.com/Rm4Gfhcl50
— ThreatMon (@MonThreat) May 22, 2024
CVE-2024-32002 – Details of the Vulnerability
The CVE-2024-32002 vulnerability exploits a subtle interaction between case-insensitive filesystems and symbolic links.
By crafting a repository with a specially designed submodule and a symbolic link, attackers can deceive Git into executing amalicious hook script during the clone process.
To mitigate the risks associated with CVE-2024-32002, users are advised to disable symbolic link support in Git by using the command git config –global core.symlinks false. Additionally, it is crucial to avoid cloning repositories from untrusted sources.
Git has released patches in versions v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4 to address this and other vulnerabilities, including CVE-2024-32004, which also allows RCE but under different conditions.
The widespread use of Git in software development, including platforms like GitHub and GitLab, amplifies the potential impact of this vulnerability.
For those unable to update immediately, caution is advised when cloning repositories from untrusted sources.
The cybersecurity community continues to monitor the situation closely, with ongoing efforts to enhance the security of Git and related tools.
For more detailed information and updates, visit the Git Security page on GitHub and stay informed about the latest advisories and security issues related to Git.
