Jan 27, 2025 | Ravie Lakshmanan | Vulnerability / Software Security
Multiple security flaws have been disclosed in GitHub Desktop and other Git-related projects that, if successfully exploited, could allow an attacker to gain unauthorized access to a user's Git credentials.
GMO Flatt Security researcher Ry0taK, who discovered the flaws, said in an analysis published on Sunday that Git uses a protocol called the Git Credential Protocol to retrieve credentials from the credential helper. Because of improper handling of these messages, several projects were vulnerable to credential leakage in various ways.
The list of identified vulnerabilities, collectively dubbed Clone2Leak, is as follows:
- CVE-2025-23040 (CVSS score: 6.6) - Maliciously crafted remote URLs could lead to credential leaks in GitHub Desktop
- (CVSS score: 7.4) - Carriage-return character in remote URL allows a malicious repository to leak credentials in Git Credential Manager
- (CVSS score: 8.5) - Git LFS permits retrieval of credentials via crafted HTTP URLs
- (CVSS score: 6.5) - Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts
The research found that GitHub Desktop is susceptible to carriage return ("\r") smuggling: injecting the character into a crafted URL can leak the credentials to an attacker-controlled host, even though the credential helper is designed to return a message in which the credential fields are separated by the newline control character ("\n").
Use of a maliciously crafted URL could lead to GitHub Desktop misinterpreting the credential request coming from Git, sending credentials to a different host than the host Git is currently communicating with, allowing for unintended exfiltration, according to GitHub in an advisory.
A similar flaw has also been identified in the Git Credential Manager NuGet package, which allows credentials to be exposed to an unrelated host. Git LFS, likewise, has been found not to check for embedded control characters, resulting in a carriage return line feed (CRLF) injection via crafted HTTP URLs.
The vulnerability affecting GitHub CLI, on the other hand, exploits the fact that hosts other than github.com and ghe[.]com are configured to receive access tokens as long as the environment variables GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN, and GITHUB_TOKEN are set, and CODESPACES is set to "true" in the case of the latter.
"While both enterprise-related variables are not common, the CODESPACES environment variable is generally set to true when running on GitHub Codespaces," Ry0taK said. Therefore, using GitHub CLI to clone a malicious repository on GitHub Codespaces will usually leak the access token to the attacker's hosts.
A malicious third party could use the leaked authentication tokens to access privileged resources if the flaws are successfully exploited.
In response to the disclosures, the credential leakage stemming from carriage return smuggling has been treated by the Git project as a standalone vulnerability (CVSS score: 2.1) and addressed in .
In a post about CVE-2024-52006, GitHub software engineer Taylor Blau wrote that "this vulnerability is related to CVE-2020-5260, but relies on behavior where some credential helper implementations interpret single carriage return characters as newlines."
Additionally, the latest version fixes (CVSS score: 2.1), which could be exploited by an adversary to craft URLs with escape sequences to trick users into handing their credentials to arbitrary sites.
Users are advised to update to the latest version to mitigate these risks. If updating is not an option, the risk associated with the flaws can be reduced by avoiding git clone with --recurse-submodules against untrusted repositories. It is also advisable not to use the credential helper when merely cloning publicly accessible repositories.
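The carriage-return smuggling described above, and the helper behaviour Taylor Blau refers to, come down to how a credential helper splits the Git Credential Protocol message into key=value lines. The following is an added example, not code from the article, the Git project, or any of the affected helpers: a lenient parser that treats "\r" as a line terminator (the unsafe behaviour) next to a strict parser that splits only on "\n" and rejects control characters and duplicate keys, plus a URL check of the kind a front end can apply before building a credential request. The host names and messages are constructed for the example.

```python
"""Added example (not code from the article or from the Git project):
validating git credential-protocol messages and remote URLs against
carriage-return smuggling.

The git credential protocol is a sequence of newline-terminated
key=value lines (for example "protocol=https\nhost=example.test\n")
ended by an empty line.  A helper that also treats "\r" as a line
terminator can be made to read a field the caller never sent, so the
host it hands credentials to is no longer the host Git is talking to.
"""
import re
from urllib.parse import unquote

# C0 control characters (including \r, \n, \t) and DEL
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def parse_lenient(raw: str) -> dict[str, str]:
    """The unsafe behaviour: normalise \\r to \\n before splitting into lines.

    A value with an embedded \\r becomes an extra key=value line, and a
    repeated key silently overwrites the earlier one.
    """
    fields: dict[str, str] = {}
    for line in raw.replace("\r", "\n").split("\n"):
        if line == "":          # an empty line ends the message
            break
        key, _, value = line.partition("=")
        fields[key] = value
    return fields


def parse_strict(raw: str) -> dict[str, str]:
    """Hardened parser: split on \\n only, reject control chars and duplicate keys."""
    fields: dict[str, str] = {}
    for line in raw.split("\n"):
        if line == "":
            break
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed credential line: {line!r}")
        if _CONTROL.search(key) or _CONTROL.search(value):
            raise ValueError(f"control character in credential field {key!r}")
        if key in fields:
            raise ValueError(f"duplicate credential field {key!r}")
        fields[key] = value
    return fields


def credential_host(raw: str, strict: bool = True) -> str:
    """Return the host a helper would look up (and hand out) credentials for."""
    parser = parse_strict if strict else parse_lenient
    return parser(raw).get("host", "")


def url_is_clean(url: str) -> bool:
    """True when the remote URL contains no control character, raw or %-encoded.

    A credential helper or Git front end should refuse to build a
    credential request from a URL that fails this check.
    """
    return _CONTROL.search(url) is None and _CONTROL.search(unquote(url)) is None


# Constructed sample messages (not taken from any real exchange)
CLEAN_MESSAGE = "protocol=https\nhost=example.test\n\n"
SMUGGLED_MESSAGE = "protocol=https\nhost=example.test\rhost=other.test\n\n"

if __name__ == "__main__":
    print("lenient host:", credential_host(SMUGGLED_MESSAGE, strict=False))  # other.test
    try:
        credential_host(SMUGGLED_MESSAGE)
    except ValueError as exc:
        print("strict parser:", exc)
    print(url_is_clean("https://example.test/org/repo.git"))       # True
    print(url_is_clean("https://example.test/org/repo%0d.git"))    # False
```

The lenient parser ends up with a different host than the one Git actually contacted, which is exactly the mismatch GitHub's advisory describes; the strict parser fails closed on the same input. Checking the URL after percent-decoding matters because a "%0d" survives an inspection of the raw string.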