一、 漏洞 CVE-2024-50338 基础信息
漏洞标题
远程URL中的回车字符允许恶意仓库泄露Git Credential Manager中的凭证
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
来源:AIGC 神龙大模型
漏洞类别
使用不充分的随机数
来源:AIGC 神龙大模型
漏洞标题
Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
信息暴露
来源:美国国家漏洞数据库 NVD
漏洞标题
Git Credential Manager 信息泄露漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Git Credential Manager(GCM)是Git Ecosystem开源的一个安全的 Git 凭据助手。 Git Credential Manager存在信息泄露漏洞。攻击者利用该漏洞可以捕获另一个 Git 远程的凭证。以下产品和版本受到影响:Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8),Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 1
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
信息泄露
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-50338 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-50338 的情报信息

  • 标题: Git - git-credential Documentation -- 🔗来源链接

    标签: x_refsource_MISC

    Git - git-credential Documentation

  • 标题: Release GCM 2.6.1 · git-ecosystem/git-credential-manager · GitHub -- 🔗来源链接

    标签: x_refsource_MISC

    Release GCM 2.6.1 · git-ecosystem/git-credential-manager · GitHub

  • 标题: StreamReader Class (System.IO) | Microsoft Learn -- 🔗来源链接

    标签: x_refsource_MISC

    StreamReader Class (System.IO) | Microsoft Learn

  • 标题: git/credential.c at 6a11438f43469f3815f2f0fc997bd45792ff04c0 · git/git · GitHub -- 🔗来源链接

    标签: x_refsource_MISC

    git/credential.c at 6a11438f43469f3815f2f0fc997bd45792ff04c0 · git/git · GitHub

  • 标题: Carriage-return character in remote URL allows malicious repository to leak credentials · Advisory · git-ecosystem/git-credential-manager · GitHub -- 🔗来源链接

    标签: x_refsource_CONFIRM

    Carriage-return character in remote URL allows malicious repository to leak credentials · Advisory · git-ecosystem/git-credential-manager · GitHub

  • 标题: git-credential-manager/src/shared/Core/StreamExtensions.cs at ae009e11a0fbef804ad9f78816d84a0bc7e052fe · git-ecosystem/git-credential-manager · GitHub -- 🔗来源链接

    标签: x_refsource_MISC

    git-credential-manager/src/shared/Core/StreamExtensions.cs at ae009e11a0fbef804ad9f78816d84a0bc7e052fe · git-ecosystem/git-credential-manager · GitHub

  • 标题: Comparing 749e287571c78a2b61f926ccce6a707050871ab8...99e2f7f60e7364fe807e7925f361a81f3c47bd1b · git-ecosystem/git-credential-manager · GitHub -- 🔗来源链接

    标签: x_refsource_MISC

    Comparing 749e287571c78a2b61f926ccce6a707050871ab8...99e2f7f60e7364fe807e7925f361a81f3c47bd1b · git-ecosystem/git-credential-manager · GitHub

  • 标题: runtime/src/libraries/System.Private.CoreLib/src/System/IO/StreamReader.cs at e476b43b5cb42eb44ce23b1c7b793aa361624cf6 · dotnet/runtime · GitHub -- 🔗来源链接

    标签: x_refsource_MISC

    runtime/src/libraries/System.Private.CoreLib/src/System/IO/StreamReader.cs at e476b43b5cb42eb44ce23b1c7b793aa361624cf6 · dotnet/runtime · GitHub
  • https://nvd.nist.gov/vuln/detail/CVE-2024-50338