CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
29.8%
Git for Windows, the Windows port of Git, ships with an executable called connect.exe
, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe
’s config file is hard-coded as /etc/connectrc
which will typically be interpreted as C:\etc\connectrc
. Since C:\etc
can be created by any authenticated user, this makes connect.exe
susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder etc
on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious <drive>:\etc\connectrc
files on multi-user machines.
Vendor | Product | Version | CPE |
---|---|---|---|
git_for_windows_project | git_for_windows | * | cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:* |