
Bypass of safe.directory protections

Moderate
dscho published GHSA-j342-m5hw-rr3v Jul 12, 2022

Package

git (-)

Affected versions

>= 2.30.3
>= 2.31.2
>= 2.32.1
>= 2.33.2
>= 2.34.2
>= 2.35.2
>= 2.36
>= 2.37

Patched versions

>= 2.30.5
>= 2.31.4
>= 2.32.3
>= 2.33.4
>= 2.34.4
>= 2.35.4
>= 2.36.2
>= 2.37.1

Description

Impact

Privilege escalation on all platforms

An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository by doing:

$ git -C /tmp init

Patches

ETA of first half of July, 2022

Workarounds

The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or as an Administrator on Windows) or, if that is needed, to reduce its use to a minimum.

While a generic workaround is not possible, a system can be hardened against the exploit described in the example by removing any such repository if it already exists and creating one as root to block any future attacks.
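
An added example (not part of the advisory or of Git) to support the hardening workaround above: a shell function that reports who owns the first .git entry found in a directory or its parents, so a .git in a shared directory that is not owned by the expected user can be spotted before git is run there. The function names and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: report who owns the first .git entry that repository
# discovery would reach from a starting directory. Simplified: it ignores
# bare repositories, GIT_DIR and GIT_CEILING_DIRECTORIES.

# owner_uid PATH -> numeric uid of PATH itself (symlinks are not followed)
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# audit_git_owner START [EXPECTED_UID]
# Prints one line:
#   absent                no .git entry in START or any parent
#   ok <dir>              the .git in <dir> is owned by EXPECTED_UID
#   foreign <dir> <uid>   the .git in <dir> is owned by another uid
# Returns 1 only for "foreign". EXPECTED_UID defaults to the caller's uid.
audit_git_owner() {
    dir=$(cd -- "$1" && pwd -P) || return 2
    expected=${2:-$(id -u)}
    while :; do
        entry="${dir%/}/.git"
        if [ -e "$entry" ] || [ -L "$entry" ]; then
            uid=$(owner_uid "$entry")
            if [ "$uid" = "$expected" ]; then
                echo "ok ${dir}"
                return 0
            fi
            echo "foreign ${dir} ${uid}"
            return 1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")
    done
    echo "absent"
}

# Example call for the advisory's scenario (root expected to own /tmp/.git):
#   audit_git_owner /tmp 0
```

A "foreign" result for /tmp when checked with uid 0 is the state the workaround says to remove and replace with a repository created by root.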


For more information

If you have any questions or comments about this advisory:

For public questions, contact the Git mailing list (details at https://git-scm.com/community)
To disclose further vulnerabilities privately, contact the Git-security list by emailing [email protected]

Severity

Moderate

CVE ID

CVE-2022-29187

Weaknesses

Improper Ownership Management

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
