CVE-2024-32002

Published May 14, 2024

Last updated 3 months ago

CVSS critical 9.0

Overview

Description
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Source
security-advisories@github.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-22
nvd@nist.gov
CWE-59

Social media

Hype score
Not currently trending

  1. A critical Git vulnerability (CVE-2024-32002) enables RCE attacks via submodules, impacting Git & Visual Studio 2017. OPSWAT students analyzed patches, simulated attacks, and used MetaDefender Endpoint for mitigation. Read more:https://t.co/gbIAxyfJxT https://t.co/t8bs0gc9Zw

    @OPSWAT

    23 Dec 2024

    100 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Merry Christmas and happy holidays. I got one final writeup for the year coming at you! Compiled is a fun medium windows box that features some interesting exploitation paths. The user step revolves around a git clone CVE-2024-32002 and some lateral movement while root centers

    @0x_hackerfren

    21 Dec 2024

    190 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Compiled is a medium machine from @hackthebox_eu =>CVE-2024-32002 (a git-rce)=>abuse git clone to expose .git/ to execution context=>CVE-2024-20656=>abuse VSCode’s VSStandardCollectorService150 service -default setup as NT AUTHORITY\SYSTEM- to get a shell https://t.co

    @_kujen5

    14 Dec 2024

    20 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. New retired machine, Compiled from @hackthebox_eu. This box features CVE-2024-32002 for the initial foothold and CVE-2024-20656 for the privilege escalation. It was a great way to learn about code compilation and how Visual Studio works. https://t.co/bxnt1AfAeH

    @_KScorpio

    14 Dec 2024

    136 Impressions

    0 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. У GitHub CLI виявлено критичну вразливість, яка дозволяє зловмисникам виконувати шкідливі команди в системі користувача завдяки Remote Code Execution. Ця вразливість отримала ідентифікатор CVE-2024-32002 і зачіпає версії GitHub CLI до 2.62.0 і становить значну загрозу для… https

    @doucommunity

    18 Nov 2024

    1191 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. Vulnerabilidad crítica en GIT. CVE-2024-32002: permite la ejecución remota de código (RCE) simplemente clonando un repositorio.

    @carlos_dagorret

    3 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. https://t.co/yRnQgrlhjc 闲逛看到CVE-2024-32002,git clone 的RCE漏洞,可以执行代码,6个月前就爆了,这个大洞居然没啥印象 影响 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, 2.39.4 之前的git版本 临时修复方式: git config --global core.symlinks false 随便clone有风险,各位X友当心 https://t.co/ZLNVAm8QHv

    @jokimina_

    1 Nov 2024

    117 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

References