CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
29.8%
Git for Windows, the Windows port of Git, ships with an executable called connect.exe
, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe
’s config file is hard-coded as /etc/connectrc
which will typically be interpreted as C:\etc\connectrc
. Since C:\etc
can be created by any authenticated user, this makes connect.exe
susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder etc
on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious <drive>:\etc\connectrc
files on multi-user machines.
[
{
"vendor": "git-for-windows",
"product": "git",
"versions": [
{
"version": "< 2.40.1",
"status": "affected"
}
]
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
29.8%