Cybersecurity blog header

CVE-2024-32002: Critical vulnerability in Git

- S.T.A².R.S Team

CVE 2024-32002 vulnerability affects world's leading update control software

Critical vulnerability CVE-2024-32002 affecting Git update control software can lead to remote code execution

A critical vulnerability in Git has recently been published that could lead to remote command injection. The vulnerability, whose identifier is CVE-2024-32002, has a CVSS score of 9.0.

The exploitation occurs when the victim clones a malicious repository recursively, which would execute hooks contained in the submodules. The vulnerability lies in the way Git handles symbolic links in repository submodules. There are currently several PoCs with public exploits that expose the vulnerability.

Git is the most widely used version control system, designed by Linus Torvalds.

The vulnerability only applies to Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 and 2.39.4, configured with symbolic link support and under case-insensitive operating systems.

Main features

The main characteristics of this vulnerability are detailed below:

  • CVE Identifier: CVE-2024-32002
  • Release date: 14/05/2024
  • Affected software: Git SCM
  • CVSS Score: CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H (9.0 Critical)
  • Affected versions
    • Prior to:
      • 2.45.1
      • 2.44.1
      • 2.43.4
      • 2.42.2
      • 2.41.1
      • 2.40.2
      • 2.39.4
  • Exploitation Requirements
    • The software must have been configured with support for symbolic links.
    • The operating system must be case-insensitive.

Mitigation

The main solution is to urgently update the Git software to one of the new patched versions that fix this vulnerability:

  • 2.45.1
  • 2.44.1
  • 2.43.4
  • 2.42.2
  • 2.41.1
  • 2.40.2
  • 2.39.4

Additionally, you can mitigate the vulnerability by disabling symbolic links for Git:

git config --global core.symlinks false

Vulnerability detection

The presence of the vulnerability can be identified by the version number.

As part of its emerging vulnerabilities service, Tarlogic proactively monitors the perimeter of its clients to report, detect, and urgently notify of the presence of this vulnerability, as well as other critical threats that could have a serious impact on the security of their assets.

References
  • https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
  • https://socradar.io/critical-security-updates-for-git-scm-cve-2024-32002-cve-2024-32004-lead-to-rce/
  • https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-32002
  • https://github.com/amalmurali47/git_rce