CVE-2020-26233 : Security Advisory and Response

Learn about CVE-2020-26233, a high-severity vulnerability in Git Credential Manager Core allowing remote code execution on Windows systems. Find out how to mitigate this issue and prevent exploitation.

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. This vulnerability allows remote code execution when recursively cloning a Git repository on Windows with submodules.

Understanding CVE-2020-26233

What is CVE-2020-26233?

CVE-2020-26233 is a vulnerability in Git Credential Manager Core that allows remote code execution on Windows systems when recursively cloning Git repositories with submodules.

The Impact of CVE-2020-26233

The vulnerability has a CVSS base score of 7.3, indicating high severity. It affects confidentiality and integrity, and exploitation requires high privileges.

Technical Details of CVE-2020-26233

Vulnerability Description

        A malicious git.exe executable in the top-level repository can be executed by GCM Core, leading to remote code execution.

Affected Systems and Versions

        Product: Git-Credential-Manager-Core
        Vendor: Microsoft
        Versions Affected: <= 2.0.280

Exploitation Mechanism

        Attack Vector: Network
        Attack Complexity: High
        Privileges Required: High
        User Interaction: Required

Mitigation and Prevention

Immediate Steps to Take

        Update to GCM Core version 2.0.289 or later to mitigate the vulnerability.
        Avoid recursively cloning untrusted repositories with the --recurse-submodules option.
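
A pre-flight check for the two steps above, as an added example (not code from this advisory or from the GCM Core project): it classifies a GCM Core version string against the version bounds this page gives and scans a checkout for files named like git.exe. The function names and the extra git.com/git.bat/git.cmd names are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Version bounds as stated in the advisory text above.
LAST_AFFECTED = (2, 0, 280)
FIRST_FIXED = (2, 0, 289)
# Assumption: besides git.exe, flag other names Windows can resolve for "git".
SUSPECT_NAMES = {"git.exe", "git.com", "git.bat", "git.cmd"}


def classify_gcm_version(version):
    """Return 'affected', 'fixed' or 'unknown' for a GCM Core version string."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"
    parts = tuple(int(g) for g in m.groups())
    if parts <= LAST_AFFECTED:
        return "affected"
    if parts >= FIRST_FIXED:
        return "fixed"
    return "unknown"  # falls between the two bounds the advisory gives


def find_planted_git(worktree):
    """List checkout-relative paths of files named like a git executable."""
    hits = []
    for root, dirs, files in os.walk(worktree):
        dirs[:] = [d for d in dirs if d.lower() != ".git"]  # skip Git metadata
        for name in files:
            if name.lower() in SUSPECT_NAMES:
                rel = os.path.relpath(os.path.join(root, name), worktree)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Scan a constructed sample checkout (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("README.md", "Git.EXE", "tools/git.cmd", ".git/config"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        return find_planted_git(tmp)


if __name__ == "__main__":
    print(classify_gcm_version("2.0.280"), demo())
```

Run `find_planted_git` on a checkout made without --recurse-submodules, before any submodules are initialized.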

Long-Term Security Practices

        Regularly update Git Credential Manager Core and Git for Windows to the latest versions.

Patching and Updates

        GCM Core version 2.0.289 contains the fix for this vulnerability and is available from the project's GitHub releases page.
