Vulnerability Description
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Git For Windows Project | Git For Windows | < 2.40.1 |
Related Weaknesses (CWE)
References
- https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1Release Notes
- https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jmVendor Advisory
- https://github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1Release Notes
- https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jmVendor Advisory
FAQ
What is CVE-2023-29011?
CVE-2023-29011 is a vulnerability with a CVSS score of 7.5 (HIGH). Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports ...
How severe is CVE-2023-29011?
CVE-2023-29011 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29011?
Check the references section above for vendor advisories and patch information. Affected products include: Git For Windows Project Git For Windows.