Published Corrective issues of a distributed management system of the initial texts Git 2.35.2, 2.30.3, 2.31. 2, 2.32.1, 2.33.2 and 2.34.2, which eliminated two vulnerabilities :
- CVE-2022-24765 – On multiplayer systems with shared directories, the possibility of organizing an attack leading to the launch of commands defined by another user is revealed. The attacker can create a “.git” directory in places intersecting with other users (for example, in shared directories or directories with temporary files) and place it in it. Git commands (for example, you can use the core to arrange the code execution of the code. FSMonitor ).
Defined in “.git / config” The handlers will be called with the rights of another user if this user uses the Git in the directory located above the level created by the attacker “.git”. Including the challenge can be made indirectly, for example, when using code editors with GIT support, such as VS Code and Atom, or when applying add-ons that run “Git Status” (for example, Git Bash or Posh-Git). In the Git 2.35.2 version, the vulnerability is blocked through changes in the search logic “.git” in the underlying directories (Catalog “.git” is no longer taken into account if it belongs to another user).
- CVE-2022-24767 – a Windows-specific vulnerability platform, allowing you to organize a code with System privileges when you start the removal operation (Uninstall) Git for Windows program. The problem is caused by the fact that the removal program starts in a temporary directory accessible to the recording of the system users. The attack is carried out through the placement of the replacement DLL in the temporary directory, which will be downloaded when you start uninstaller with System rights.