CVE-2024-22190 in GitPython
Summary
by MITRE • 01/11/2024
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/30/2024
GitPython represents a widely-used python library that facilitates interaction with Git repositories through programmatic interfaces. The vulnerability described in CVE-2024-22190 emerges from an incomplete remediation of a previously identified security flaw, specifically CVE-2023-40590, which demonstrates the persistent challenges in addressing path traversal and execution vulnerabilities within version control systems. This particular weakness manifests exclusively on Windows operating systems where GitPython employs shell-based execution mechanisms to interact with Git commands and process repository hooks. The core technical flaw stems from improper handling of executable search paths when the library invokes external Git processes, creating opportunities for privilege escalation through malicious executable substitution.
The operational impact of this vulnerability extends beyond simple code execution, as it fundamentally compromises the integrity of the GitPython library's security model. When GitPython executes Git commands through shell invocations on Windows platforms, it traverses the system PATH environment variable without proper validation of executable origins. This behavior creates a dangerous attack surface where adversaries can place malicious executables named git.exe or bash.exe in directories that appear earlier in the PATH than legitimate Git installations. The vulnerability specifically affects scenarios where GitPython utilizes shell execution for Git commands and when processing repository hooks through bash.exe interpretation, both of which are common operations within Git workflows. This issue represents a classic case of insecure path resolution that aligns with CWE-427, which addresses uncontrolled search path dependencies.
The attack vector for this vulnerability is particularly concerning given that GitPython's functionality is commonly integrated into development environments, CI/CD pipelines, and automated deployment systems where elevated privileges may be present. An attacker who gains write access to a repository or can influence the execution environment could potentially place malicious executables that would be executed with the privileges of the user running the GitPython operations. This threat model intersects with several ATT&CK techniques including privilege escalation through exploitation of software vulnerabilities and execution through malicious file content. The vulnerability's persistence across multiple versions indicates inadequate security testing and validation of previous patches, highlighting the importance of comprehensive verification in security remediation processes.
The fix implemented in version 3.1.41 addresses the root cause by enforcing stricter path validation and ensuring that GitPython uses absolute paths when invoking external executables. This mitigation strategy aligns with security best practices for preventing path traversal attacks and demonstrates the importance of maintaining secure coding practices in library development. Organizations using GitPython should immediately upgrade to version 3.1.41 or later to eliminate the risk of malicious executable substitution attacks. The vulnerability serves as a reminder of the critical importance of thorough security validation in open source libraries, particularly those that interface with system-level operations and execute external commands. System administrators and developers should also consider implementing additional security controls such as PATH environment variable monitoring and executable integrity verification to further protect against similar vulnerabilities in other software components.