7 matches found
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve...
CVE-2024-50338
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338 Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
Git Credential Manager GCM is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
CVE-2024-50338
Git Credential Manager (GCM) on Windows/macOS/Linux is affected by CVE-2024-50338 due to a newline handling mismatch with Git. GCM’s ReadLineAsync accepts LF, CRLF, and CR, while Git’s credential parsing forbids an isolated CR, enabling an attacker to craft a malicious remote URL (for example, ht...
GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
...