An Interest In:
Web News this Week
- April 12, 2024
- April 11, 2024
- April 10, 2024
- April 9, 2024
- April 8, 2024
- April 7, 2024
- April 6, 2024
Some of Our Sources
- Team Treehouse
- Spoon Graphics
- Smashing Magazine
- Noupe
- Line 25
- Stylized Web
- Specky Boy
- Codrops
- Daily Now
- Dev To
Help Webnuz
Referal links:
April 13, 2022 11:20 pm
Original Link: https://it.slashdot.org/story/22/04/13/2140258/git-for-windows-issues-update-to-fix-running-someone-elses-code-vulnerability?utm_source=rss1.0mainlink
Git For Windows Issues Update To Fix Running-Someone-Else's-Code Vulnerability
The Git team has issued an update to fix a bug in Git for Windows that "affects multi-user hardware where untrusted parties have write access to the same hard disk," reports The Register. Specifically, the update is concerned with CVE-2022-24765. From the report: Arguably, if an "untrusted party" has write access to a hard disk, then all bets are off when it comes to the nooks and crannies of a PC anyway. In this case, the miscreants would only need to create the folder c:\.git, "which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory," according to NIST. The result is that Git would use the config in the directory. NIST went on to list potentially vulnerable products, which included Visual Studio. "Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash." The Git team was little blunter about the vulnerability, and warned that "Merely having a Git-aware prompt that runs 'git status' (or 'git diff') and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user." [...] To deal with the issue, the Git team recommends an update. Alternatively, a user could create that .git folder themselves and remove read/write access as workaround or "define or extend 'GIT_CEILING_DIRECTORIES' to cover the parent directory of the user profile," according to NIST.Read more of this story at Slashdot.
Original Link: https://it.slashdot.org/story/22/04/13/2140258/git-for-windows-issues-update-to-fix-running-someone-elses-code-vulnerability?utm_source=rss1.0mainlink
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot