A series of critical security flaws have been unearthed in GitHub Desktop and other Git-related utilities, revealing the potential for adversaries to clandestinely obtain unauthorized access to a user’s Git credentials.
“Git operates under a mechanism known as the Git Credential Protocol to extract credentials via the credential helper,” stated Ry0taK, a cybersecurity researcher at GMO Flatt Security, in an analytical report published on Sunday. “Due to improper message handling, a myriad of projects have been rendered susceptible to various forms of credential leakage.”
The catalog of vulnerabilities unveiled includes:
- CVE-2025-23040 (CVSS Score: 6.6): Exploits involving maliciously constructed remote URLs could lead to credential exposure in GitHub Desktop.
- CVE-2024-50338 (CVSS Score: 7.4): A carriage-return character embedded within a remote URL can permit a rogue repository to siphon credentials via the Git Credential Manager.
- CVE-2024-53263 (CVSS Score: 8.5): Git LFS is vulnerable to credential extraction through maliciously crafted HTTP URLs.
- CVE-2024-53858 (CVSS Score: 6.5): Recursive cloning of repositories in GitHub CLI can compromise authentication tokens by exposing them to non-GitHub submodule hosts.
The root cause of these flaws lies in how the credential helper processes credentials. Ordinarily, the helper responds with credentials delineated by a newline character (\n). However, researchers discovered that GitHub Desktop is vulnerable to an exploitation technique called carriage return smuggling, where the insertion of a carriage return character (\r) into a URL enables attackers to redirect credentials to an unauthorized server.
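As an added illustration (not code from Git, GitHub Desktop or the advisory), the following Python sketches both ends of the exchange described above: a client-side check that refuses to build a credential request from a remote URL containing control characters, and a helper-side parser that accepts only \n as a line terminator. The function names are assumptions; the newline-terminated key=value layout follows the Git credential protocol.

```python
import re
from urllib.parse import urlsplit

# C0 control characters (NUL, TAB, LF, CR, ...) and DEL: none belongs in a
# remote URL that will be turned into a credential-helper request.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def url_is_safe_for_credential_helper(url: str) -> bool:
    """True only if url has no control characters and is http(s) with a host.
    The regex runs BEFORE urlsplit(): since Python 3.9.5 urlsplit() silently
    strips tab, CR and LF, so inspecting only the parsed parts would miss them.
    """
    if _CONTROL_CHARS.search(url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def build_credential_request(url: str) -> str:
    """Client side: the 'get' message sent to the helper for this remote URL.
    (Real Git adds path= only when credential.useHttpPath is enabled; it is
    always included here so the round trip has something to check.)
    """
    if not url_is_safe_for_credential_helper(url):
        raise ValueError("remote URL has control characters or no http(s) host")
    parts = urlsplit(url)
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    lines = [f"protocol={parts.scheme}", f"host={host}"]
    if parts.path not in ("", "/"):
        lines.append(f"path={parts.path.lstrip('/')}")
    return "\n".join(lines) + "\n\n"  # one blank line terminates the message

def parse_credential_request(message: str) -> dict:
    """Helper side: strict parser in which only "\\n" ends a line.
    A helper that used str.splitlines() instead would also treat a lone "\\r"
    as a terminator, the lenient behaviour the advisories describe; here a CR
    anywhere in a line is a hard error.
    """
    fields = {}
    for line in message.split("\n"):
        if line == "":
            break  # blank line ends the request
        if "\r" in line or "\x00" in line:
            raise ValueError("control character inside credential request")
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed line: {line!r}")
        fields[key] = value
    return fields
```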
“Through the utilization of a maliciously tailored URL, it becomes feasible to manipulate Git’s credential request such that GitHub Desktop inadvertently dispatches credentials for a different host than intended,” GitHub acknowledged in an advisory.
Parallel weaknesses were pinpointed in the Git Credential Manager NuGet package, allowing attackers to redirect credentials to unrelated domains. Similarly, Git LFS demonstrated a lapse in vetting embedded control characters, leading to potential CRLF injection vulnerabilities through crafted HTTP URLs.
Another exploitable weakness in GitHub CLI leverages access tokens being dispatched to hosts beyond github[.]com and ghe[.]com, provided certain environment variables, such as GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN, are set, alongside the CODESPACES variable being configured as “true.”
“As the CODESPACES variable is always set to true within GitHub Codespaces, cloning a malicious repository in this environment via GitHub CLI invariably results in access token exposure to attacker-controlled endpoints,” noted Ry0taK.
If successfully exploited, these vulnerabilities grant malicious entities the ability to utilize leaked authentication tokens to gain entry to sensitive resources, potentially causing significant harm.
Mitigation Measures and Advisory
To address these concerns, the Git project has isolated the credential leakage linked to carriage return smuggling as a distinct vulnerability, CVE-2024-52006 (CVSS Score: 2.1), which has been rectified in version v2.48.1.
“This vulnerability bears resemblance to CVE-2020-5260 but hinges on the behavior of certain credential helper implementations that interpret single carriage return characters as newlines,” explained Taylor Blau, a GitHub software engineer, in a statement regarding CVE-2024-52006.
Furthermore, the latest release includes a patch for CVE-2024-50349 (CVSS Score: 2.1), which could be exploited to craft deceptive URLs containing escape sequences, potentially tricking users into divulging credentials to malicious sites.
Recommendations for Users
Users are urged to upgrade to the most recent version to safeguard against these vulnerabilities. For scenarios where immediate updates are infeasible, risks can be mitigated by avoiding the use of git clone --recurse-submodules on untrusted repositories. Additionally, it is advised to refrain from employing credential helpers and to restrict cloning operations to publicly available repositories.
By adhering to these measures, users can substantially reduce the likelihood of their credentials being compromised by these emerging attack vectors.