CVE-2024-32002 in Git
Summary
by MITRE • 05/14/2024
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 01/21/2025
This vulnerability in Git represents a critical security flaw that enables maliciously crafted repositories to execute arbitrary code during the cloning process through a manipulation of submodule handling mechanisms. The vulnerability affects Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, creating a privilege escalation scenario where an attacker can inject malicious hooks into the target system. The core technical issue stems from Git's improper validation of submodule paths, allowing an attacker to craft repository structures that cause Git to write files directly into the `.git/` directory of the submodule instead of the intended worktree location. This behavior violates fundamental security assumptions about file system operations and creates a persistent execution vector that operates outside normal user inspection capabilities.
The operational impact of this vulnerability extends beyond simple code execution to encompass a complete compromise of the cloning environment. During the clone operation, when Git processes submodules, the maliciously constructed repository can cause hook files to be written into the `.git/hooks/` directory of the submodule, which executes immediately upon completion of the clone process. This timing aspect is particularly dangerous because users have no opportunity to inspect or audit the code being executed, as the execution occurs automatically while the clone operation is still in progress. The vulnerability maps directly to CWE-22, which describes improper limitation of a pathname to a restricted directory, and represents a classic path traversal attack vector that has been exploited in similar systems. From an attacker's perspective, this creates a reliable method for achieving remote code execution without requiring any user interaction beyond initiating the clone operation, making it particularly dangerous in enterprise environments where automated build processes might be cloning repositories from untrusted sources.
The mitigation strategies for this vulnerability involve multiple layers of defense that align with established security practices. The primary and most effective mitigation is upgrading to the patched versions of Git, which contain proper validation of submodule paths and prevent the unintended file writing behavior. Additionally, organizations can implement the configuration setting `git config --global core.symlinks false` as a defensive measure, which effectively disables the attack vector by preventing symbolic link creation during the cloning process. This configuration change aligns with the principle of least privilege and reduces the attack surface by limiting Git's ability to create potentially malicious symbolic links that could be exploited to redirect file operations. The vulnerability also highlights the importance of adhering to the principle of least privilege in repository management, as demonstrated by the ATT&CK framework's emphasis on privilege escalation techniques. Organizations should also implement strict repository validation policies, particularly for automated systems that clone repositories, and establish procedures for inspecting repository contents before cloning. The vulnerability serves as a reminder that even well-established tools like Git can contain critical security flaws that affect millions of users, emphasizing the importance of continuous security monitoring and timely patch management across all software components in the development lifecycle.