3 matches found
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve...
CVE-2025-23040
CVE-2025-23040 affects GitHub Desktop prior to 3.4.12. A maliciously crafted remote URL can cause the credential request from Git to be misinterpreted by GitHub Desktop via the git-credential protocol, leading to exfiltration of credentials (GitHub username, OAuth tokens, or other remote-host cre...
CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...