CVE-2022-24765 in Xcode
Summary
by MITRE • 04/12/2022
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/24/2025
This vulnerability in Git for Windows represents a critical path traversal and configuration injection flaw that exploits the software's directory discovery mechanism. The issue stems from Git's behavior of recursively searching for.git directories when operating outside of a repository context, creating a scenario where malicious actors can manipulate the Git configuration by placing a specially crafted directory at the root level of the system drive. This vulnerability specifically impacts multi-user environments where untrusted parties have write access to shared storage, making it particularly dangerous in corporate or shared computing environments. The flaw allows attackers to inject arbitrary configuration settings that can alter Git's behavior, potentially leading to unauthorized code execution or data manipulation during repository operations.
The technical implementation of this vulnerability involves Git's default search pattern that traverses directory structures to locate repository metadata, including configuration files within.git directories. When Git encounters a directory named .git at the root level of a drive, it treats this as a valid repository and loads any configuration settings present within that directory. This behavior is particularly problematic because the configuration files in the root .git directory can contain malicious settings that alter Git's operation. The vulnerability affects multiple Git interfaces including Git Bash, PowerShell with posh-git integration, and various IDE integrations, making it extremely broad in scope. The attack vector is simple yet effective - an attacker only needs to create a directory structure at C:\.git to compromise systems running Git for Windows.
The operational impact of this vulnerability extends beyond simple configuration manipulation, as it can enable more sophisticated attacks when combined with other security weaknesses. An attacker could place malicious configuration entries that redirect Git operations to malicious repositories or alter Git's credential handling mechanisms. The vulnerability is particularly concerning for developers who use Git in their daily workflows, as simply opening a PowerShell session or creating a new project in an IDE can trigger the vulnerable code path. This makes the attack surface much larger than typical configuration-based vulnerabilities, as it can be exploited without requiring specific user interaction beyond normal software usage patterns. The vulnerability affects all Git for Windows installations regardless of version, making it a persistent threat across multiple releases.
Mitigation strategies for this vulnerability must address both the immediate threat and prevent future exploitation through proper system hardening. The primary recommendation involves implementing strict directory permissions on shared systems, ensuring that untrusted users cannot create directories at the root level of system drives. System administrators should also consider implementing directory monitoring solutions that can detect the creation of suspicious .git directories in root locations. Additionally, organizations should consider disabling Git's automatic repository discovery mechanisms or implementing custom Git configuration files that override the default behavior. Security teams should also review and update their incident response procedures to account for this type of configuration-based attack vector. The vulnerability aligns with CWE-22 Path Traversal and CWE-471 Modification of Assumptions, while the attack methodology maps to ATT&CK techniques involving privilege escalation through configuration manipulation and persistence mechanisms. Organizations should also consider implementing application whitelisting policies to prevent unauthorized Git installations and ensure that only trusted versions of Git are running on their systems.