Decrypt LOL


Vulnerabilities in Git Projects Expose User Credentials


🦠 Multiple vulnerabilities discovered in Git-related projects expose user credentials. Security engineer RyotaK identified several critical vulnerabilities while investigating GitHub Desktop and other Git-related tools. The flaws allow malicious repositories to leak user credentials through improper handling of the Git Credential Protocol. Key issues include carriage return smuggling in GitHub Desktop and Git Credential Manager, as well as newline injection vulnerabilities in Git LFS. Additionally, the GitHub CLI and GitHub Codespaces were found to leak access tokens to arbitrary hosts due to flawed logic in their credential handling. Git has since implemented mitigations to address these vulnerabilities, and the findings emphasize the need for robust security practices in text-based protocols. The research aims to enhance security within the Git community and encourage further work in this area.
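The check below is an added example, not code from the original report or from any of the projects named above. It assumes the credential protocol's documented framing (`key=value` lines ended by LF, message ended by a blank line); the function names and the sample message are constructed for illustration. It shows why a carriage return inside a value is dangerous (two parsers count different lines) and how strict encoding and decoding refuse it.

```python
# Control characters that can change how a line-oriented message is framed.
FORBIDDEN = ("\r", "\n", "\0")


class CredentialProtocolError(ValueError):
    """Raised when a message cannot be framed unambiguously."""


def serialize(attrs):
    """Encode attributes as key=value lines followed by a blank line."""
    lines = []
    for key, value in attrs.items():
        if not key or "=" in key or any(c in key for c in FORBIDDEN):
            raise CredentialProtocolError(f"invalid key: {key!r}")
        if any(c in value for c in FORBIDDEN):
            raise CredentialProtocolError(f"control character in {key!r}")
        lines.append(f"{key}={value}\n")
    return "".join(lines) + "\n"


def parse(message):
    """Decode a message: split on LF only, reject CR and NUL outright."""
    attrs = {}
    for line in message.split("\n"):
        if line == "":
            break  # a blank line terminates the message
        if "\r" in line or "\0" in line:
            raise CredentialProtocolError("control character in line")
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise CredentialProtocolError(f"malformed line: {line!r}")
        attrs[key] = value
    return attrs


def line_views(message):
    """Return (lines seen by an LF-only reader, lines seen by a reader
    that also treats CR as a line break). A mismatch means two components
    would disagree about what the message says."""
    lf_only = [l for l in message.split("\n") if l]
    cr_aware = [l for l in message.splitlines() if l]
    return len(lf_only), len(cr_aware)


# Constructed sample: one value carries an embedded carriage return.
SAMPLE = "protocol=https\nhost=git.example\rextra=1\n\n"
```

Applying the same rejection on both the writing and the reading side means a value that slips past one component is still refused by the other.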
