CVE-2024-32002

Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

CVSS 9.1 CRITICAL · EPSS 25.3% · CWE-22 · CWE-434
In short

Git can be tricked into writing files to the wrong locations while cloning submodules on case-insensitive filesystems that support symbolic links, allowing attackers to run malicious code automatically before the user can review it.

Technical detail

CVE-2024-32002 exploits path traversal (CWE-22) and arbitrary file upload (CWE-434) weaknesses in Git's submodule handling. A repository crafted with malicious submodules can make Git write files into `.git/` directories instead of the intended worktree paths, allowing hooks to execute during an active clone operation. The attack requires cloning an attacker-controlled repository on a case-insensitive filesystem with symlink support enabled.

Summary generated and translated by AI from the official description.
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
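A way to check a host against the fixed versions and the `core.symlinks` workaround named in the description above. This is an added example, not code from the Git project or the advisory; the function names and the "patched / mitigated / vulnerable" labels are assumptions made for illustration, and the sample version strings are constructed.

```python
import re
import subprocess

# First fixed release in each maintenance series, taken from the advisory text above.
FIRST_FIXED = {(2, 39): 4, (2, 40): 2, (2, 41): 1, (2, 42): 2,
               (2, 43): 4, (2, 44): 1, (2, 45): 1}

def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no git version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(version_text):
    """True if the version is at or above the first fixed release of its series."""
    major, minor, patch = parse_git_version(version_text)
    series = (major, minor)
    if series in FIRST_FIXED:
        return patch >= FIRST_FIXED[series]
    # Series older than 2.39 have no fixed release in the advisory's list.
    # Assumption: series newer than 2.45 carry the fix.
    return series > max(FIRST_FIXED)

def assess(version_text, core_symlinks=None):
    """Classify a host; core_symlinks is the configured value, or None if unset."""
    if is_patched(version_text):
        return "patched"
    if core_symlinks is not None and core_symlinks.strip().lower() == "false":
        return "mitigated"  # the workaround from the advisory is in place
    return "vulnerable"

def local_status():
    """Assess the git binary on PATH together with the user's global config."""
    version = subprocess.run(["git", "--version"], capture_output=True,
                             text=True, check=True).stdout
    cfg = subprocess.run(["git", "config", "--global", "--bool", "--get",
                          "core.symlinks"], capture_output=True, text=True)
    return assess(version, cfg.stdout if cfg.returncode == 0 else None)

if __name__ == "__main__":
    # Constructed sample strings in the shape `git --version` prints.
    for sample in ("git version 2.43.0", "git version 2.45.0.windows.1",
                   "git version 2.39.4", "git version 2.46.0"):
        print(f"{sample!r}: {assess(sample)}")
    try:
        print("this host:", local_status())
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("this host: git not found")
```

`local_status()` reads only the global configuration, so a `core.symlinks` value set at system or repository level is not reflected in its result.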
Affected products
git · git
Public PoCs found: 70
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
