Git Vulnerabilities Result in User Credentials Exposure
🛠️ Git vulnerabilities expose user credentials through improper handling of credential-protocol messages. Security researcher RyotaK identified multiple vulnerabilities in Git's credential retrieval protocol, notably a carriage return smuggling bug tracked as CVE-2025-23040, which allows a malicious repository to leak a user's credentials. The issue arises from discrepancies in how Git and GitHub Desktop parse URLs, which leads to unintended credential exposure. Additional vulnerabilities, CVE-2024-50338 and CVE-2024-53263, were also discovered in Git Credential Manager and Git LFS, respectively. Git has since shipped patches addressing these flaws, including new validation that rejects URLs containing carriage return characters. The updates aim to harden credential handling and prevent future credential leaks.
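To make the fix described above concrete, the following added example (not Git's or GitHub Desktop's own code) models the line-oriented `key=value` messages Git exchanges with credential helpers and applies the same rule the patch introduces: refuse any URL, or any field derived from one, that carries a carriage return (or other line-breaking control character) before it can reach a helper. The field names follow the credential protocol; the sample URLs are constructed.

```python
"""Reject carriage returns before a URL is turned into a credential request."""
from urllib.parse import urlsplit

# Characters that would break the one-field-per-line framing of the protocol.
CONTROL_CHARS = ("\r", "\n", "\0")


def url_has_control_chars(url: str) -> bool:
    """True if the raw URL contains CR, LF or NUL anywhere.

    Check the raw string, not the parsed parts: urlsplit() silently strips
    CR/LF/TAB, so a post-parse check would miss exactly what we reject.
    """
    return any(c in url for c in CONTROL_CHARS)


def url_to_credential_fields(url: str) -> dict:
    """Split a URL into the fields Git sends to a credential helper.

    Raises ValueError for URLs carrying control characters, mirroring the
    'reject URLs containing carriage return characters' validation.
    """
    if url_has_control_chars(url):
        raise ValueError("URL contains a control character; refusing request")
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError("URL must have a scheme and a host")
    # 'host' keeps the port but drops any userinfo in front of the '@'.
    fields = {"protocol": parts.scheme, "host": parts.netloc.rsplit("@", 1)[-1]}
    if parts.path and parts.path != "/":
        fields["path"] = parts.path.lstrip("/")
    if parts.username:
        fields["username"] = parts.username
    return fields


def encode_credential_request(fields: dict) -> str:
    """Serialise fields as 'key=value' lines ending with a blank line.

    Every value is re-checked so a control character can never split one
    field into two, whatever source the fields came from.
    """
    lines = []
    for key, value in fields.items():
        if any(c in value for c in CONTROL_CHARS):
            raise ValueError(f"field {key!r} contains a control character")
        lines.append(f"{key}={value}")
    return "\n".join(lines) + "\n\n"


if __name__ == "__main__":
    # Constructed input: a normal remote URL producing a well-formed request.
    print(encode_credential_request(url_to_credential_fields("https://alice@example.com/org/repo.git")))
```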
