Lucene search

K
cvelistGitHub_MCVELIST:CVE-2023-29011
HistoryApr 25, 2023 - 8:40 p.m.

CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing

2023-04-2520:40:30
CWE-427
GitHub_M
www.cve.org
8
git for windows
socks5 proxy
config file
vulnerability
multi-user machines
git commands.

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

29.8%

Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe’s config file is hard-coded as /etc/connectrc which will typically be interpreted as C:\etc\connectrc. Since C:\etc can be created by any authenticated user, this makes connect.exe susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder etc on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious <drive>:\etc\connectrc files on multi-user machines.

CNA Affected

[
  {
    "vendor": "git-for-windows",
    "product": "git",
    "versions": [
      {
        "version": "< 2.40.1",
        "status": "affected"
      }
    ]
  }
]

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

29.8%