CVE-2023-29012

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1	Release Notes
https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-25 21:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-29012

Mitre link : CVE-2023-29012

CVE.ORG link : CVE-2023-29012

JSON object : View

Products Affected

git_for_windows_project

git_for_windows

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2023-29012", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.6}]}, "published": "2023-04-25T21:15:10.557", "references": [{"url": "https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory."}], "lastModified": "2023-05-04T21:18:15.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E740B447-D96A-40C3-AFA9-9B058379E04D", "versionEndExcluding": "2.40.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}