Impact
This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operations run in a directory that is supposedly outside any repository, because Git searches upward from the current working directory for a Git directory. Git would then respect any config in said Git directory.
Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash with the current working directory outside of a trusted Git repository.
Patches
The problem has been addressed in v2.35.2.vfs.0.0.
Workarounds
Create the folder .git on all drives where Git commands are run, and remove read/write access from those folders:
mkdir \.git
icacls \.git /inheritance:r
Alternatively, define or extend GIT_CEILING_DIRECTORIES to cover the parent directory of the user profile, e.g. C:\Users if the user profile is located in C:\Users\my-user-name.
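The following is an added illustration, not Git's own code or part of this advisory: a small Python model of Git's upward search for a Git directory, on a constructed in-memory "disk", showing why a stray C:\.git at the drive root is found from any directory on that drive and how a GIT_CEILING_DIRECTORIES entry such as C:\Users ends the walk before the root is inspected. Paths use forward slashes, and the ceiling rule follows the documented behaviour (the current directory is always examined; a listed directory that is a proper ancestor is never entered).

```python
"""Model of Git's upward search for a .git directory, showing why a
stray C:\\.git at the drive root is picked up from any directory on
that drive and how GIT_CEILING_DIRECTORIES stops the walk short of it.

Added illustration, not Git's own code. Paths use forward slashes, and
the "disk" is a constructed in-memory set of directories.
"""
from typing import Iterable, Optional

# Constructed disk: the user's project has no repository of its own,
# and an untrusted local account has created the folder C:\.git.
EXISTING_DIRS = frozenset({
    "C:/.git",
    "C:/Users/my-user-name/project/src",
})


def _parent(path: str) -> Optional[str]:
    """Parent directory, or None once the drive root (e.g. C:/) is reached."""
    if path.endswith(":/"):
        return None
    head = path.rsplit("/", 1)[0]
    return head + "/" if head.endswith(":") else head


def discover_git_dir(cwd: str, ceiling_dirs: Iterable[str] = (),
                     existing: frozenset = EXISTING_DIRS) -> Optional[str]:
    """Return the first <dir>/.git found walking from cwd up to the root.

    Mirrors the documented GIT_CEILING_DIRECTORIES rule: cwd itself is
    always examined, but Git never chdirs up *into* a listed directory,
    so a ceiling that is a proper ancestor of cwd ends the walk before
    that directory (or anything above it) is inspected. Bare-repository
    and gitfile handling are omitted for brevity.
    """
    ceilings = {c.rstrip("/") for c in ceiling_dirs}
    current: Optional[str] = cwd
    while current is not None:
        candidate = current.rstrip("/") + "/.git"
        if candidate in existing:
            return candidate
        parent = _parent(current)
        if parent is None or parent.rstrip("/") in ceilings:
            return None  # drive root or ceiling reached: no repository
        current = parent
    return None


if __name__ == "__main__":
    cwd = "C:/Users/my-user-name/project/src"
    print("no ceiling  :", discover_git_dir(cwd))                # C:/.git
    print("with ceiling:", discover_git_dir(cwd, ["C:/Users"]))  # None
```

A repository inside the user's own tree is still found first with the ceiling set, since the walk only stops once it would have to enter C:\Users itself.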
References
GIT_CEILING_DIRECTORIES
pre-command/post-command hooks
For more information
If you have any questions or comments about this advisory: