Recent security vulnerabilities were discovered in several Git-related projects, including GitHub Desktop, Git Credential Manager, Git Large File Storage (LFS), and GitHub Codespaces. These issues stem from improper handling of text-based protocols, allowing attackers to potentially leak user credentials by manipulating newline characters or crafting malicious repository URLs.
Git communicates with credential helpers using specific messages that include protocol type, host, username, and password information. However, improper parsing of these messages led to security flaws in various projects. For instance, GitHub Desktop was affected by a vulnerability in which attackers could craft URLs that inject carriage return (CR) characters, bypassing normal processing and leaking credentials to unauthorized hosts. Similarly, Git Credential Manager was found to have an issue with the .NET StreamReader class, which allowed attackers to leak credentials via maliciously crafted URLs.
In another case, Git LFS was vulnerable when processing .lfsconfig files that contained injected newline characters, leading to unauthorized access to user credentials. Additionally, GitHub CLI had a logic flaw in its IsEnterprise check that caused access tokens to be mistakenly sent to arbitrary hosts.
These vulnerabilities were discovered by security engineer RyotaK during participation in the GitHub Bug Bounty program and have since prompted mitigations from affected platforms. The findings underscore the risks of improper handling in text-based protocols, particularly when dealing with credential exchanges. Even small architectural oversights can result in significant security breaches.
The vulnerabilities highlight the importance of robust validation and input sanitization in software applications that handle sensitive information like credentials.
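One way to apply that validation to the credential-helper messages described above, as an added example that is not code from any of the affected projects. The field names are the ones the article lists; the function names and the sample message are constructed for illustration.

```python
# Strict handling of key=value credential-helper messages (added example).
FORBIDDEN = ("\r", "\n", "\0")

class CredentialFormatError(ValueError):
    pass

def serialize(fields):
    """Build a message, refusing any key or value that could start a new line."""
    lines = []
    for key, value in fields.items():
        if not key or "=" in key or any(c in key for c in FORBIDDEN):
            raise CredentialFormatError(f"bad key: {key!r}")
        if any(c in value for c in FORBIDDEN):
            raise CredentialFormatError(f"control character in {key!r}")
        lines.append(f"{key}={value}\n")
    return "".join(lines) + "\n"  # blank line terminates the message

def parse(message):
    """Split on LF only and reject a stray CR instead of treating it as a break."""
    fields = {}
    for line in message.split("\n"):
        if line == "":
            break
        if "\r" in line or "\0" in line:
            raise CredentialFormatError("control character inside a line")
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise CredentialFormatError(f"malformed line: {line!r}")
        fields[key] = value
    return fields

def lenient_parse(message):
    """Contrast only: a reader that accepts CR as a line ending sees extra fields."""
    pairs = (l.partition("=") for l in message.splitlines() if "=" in l)
    return {key: value for key, _, value in pairs}

# Constructed sample: one LF-delimited host line carrying an embedded CR.
SAMPLE = "protocol=https\nhost=git.example.test\rhost=other.example.test\n\n"

if __name__ == "__main__":
    print("lenient host:", lenient_parse(SAMPLE)["host"])
    try:
        parse(SAMPLE)
    except CredentialFormatError as exc:
        print("strict parser rejected message:", exc)
```

The two parsers disagree about which host the same bytes name, which is the kind of mismatch the strict version removes by rejecting the message outright.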
Source: https://cybersecuritynews.com/github-vulnerability-let-malicious-repos-to-leaks-users-credentials