CVE-2024-32002

[devguard-bot-dev]

CVE-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Affected component

The vulnerability is in pkg:deb/debian/git@2.39.2-1.1, detected by the github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning scan.

Recommended fix

No fix is available.

Risk: 2.15 (Low)

EPSS: 0.15 %

The exploit probability is very low. The vulnerability is unlikely to be exploited in the next 30 days.

Exploit: Proof of Concept

A proof of concept is available for this vulnerability:
https://github.com/Katherine-song/CVE-2024-32002
https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing
https://github.com/Julian-gmz/hook_CVE-2024-32002
https://github.com/XiaomingX/cve-2024-32002-poc
https://github.com/WOOOOONG/CVE-2024-32002
https://github.com/jolibb55/donald
https://github.com/JakobTheDev/cve-2024-32002-poc-aw
https://github.com/EQSTLab/git_rce
https://github.com/NishanthAnand21/CVE-2024-32002-PoC
https://github.com/JakobTheDev/cve-2024-32002-submodule-rce
https://github.com/1mxml/CVE-2024-32002-poc
https://github.com/JakobTheDev/cve-2024-32002-submodule-aw
https://github.com/AD-Appledog/wakuwaku
https://github.com/razenkovv/hook
https://github.com/vincepsh/CVE-2024-32002
https://github.com/431m/rcetest
https://github.com/razenkovv/captain
https://github.com/safebuffer/CVE-2024-32002
https://github.com/ycdxsb/CVE-2024-32002-submod
https://github.com/ycdxsb/CVE-2024-32002-hulk
https://github.com/10cks/CVE-2024-32002-EXP
https://github.com/jweny/CVE-2024-32002_HOOK
https://github.com/WOOOOONG/hook
https://github.com/10cks/CVE-2024-32002-linux-hulk
https://github.com/grecosamuel/CVE-2024-32002
https://github.com/amalmurali47/git_rce
https://github.com/markuta/hooky
https://github.com/JakobTheDev/cve-2024-32002-poc-rce
https://github.com/SpycioKon/CVE-2024-32002
https://github.com/10cks/CVE-2024-32002-submod
https://github.com/FlojBoj/CVE-2024-32002
https://github.com/10cks/hook
https://github.com/10cks/CVE-2024-32002-POC
https://github.com/10cks/CVE-2024-32002-smash
https://github.com/fadhilthomas/hook
https://github.com/ashutosh0408/Cve-2024-32002-poc
https://github.com/ashutosh0408/CVE-2024-32002
https://github.com/sysonlai/CVE-2024-32002-hook
https://github.com/jweny/CVE-2024-32002_EXP
https://github.com/Masamuneee/hook
https://github.com/markuta/CVE-2024-32002
https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese
https://github.com/TSY244/CVE-2024-32002-git-rce
https://github.com/M507/CVE-2024-32002
https://github.com/tobelight/cve_2024_32002
https://github.com/daemon-reconfig/CVE-2024-32002
https://github.com/10cks/CVE-2024-32002-linux-smash
https://github.com/Masamuneee/CVE-2024-32002-POC
https://github.com/vincepsh/CVE-2024-32002-hook
https://github.com/JJoosh/CVE-2024-32002
https://github.com/bfengj/CVE-2024-32002-hook
https://github.com/Roronoawjd/hook
https://github.com/aitorcastel/poc_CVE-2024-32002_submodule
https://github.com/Roronoawjd/git_rce
https://github.com/10cks/CVE-2024-32002-hulk
https://github.com/Goplush/CVE-2024-32002-git-rce
https://github.com/bfengj/CVE-2024-32002-Exploit
https://github.com/charlesgargasson/CVE-2024-32002
https://github.com/AD-Appledog/CVE-2024-32002
https://github.com/amalmurali47/hook
https://github.com/10cks/CVE-2024-32002-linux-submod
https://github.com/CrackerCat/CVE-2024-32002_EXP
https://github.com/aitorcastel/poc_CVE-2024-32002
https://github.com/blackninja23/CVE-2024-32002
https://github.com/sanan2004/CVE-2024-32002
https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc
https://github.com/th4s1s/CVE-2024-32002-PoC
https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell
https://github.com/fadhilthomas/poc-cve-2024-32002

Vulnerability Depth: 2

The vulnerability is in a dependency of a dependency your project. It is 2 levels deep.

CVSS-BE: 9.1

• Exploiting this vulnerability significantly impacts availability.
• Exploiting this vulnerability significantly impacts integrity.
• Exploiting this vulnerability significantly impacts confidentiality.

CVSS-B: 9.0

• The vulnerability can be exploited over the network without needing physical access.
• It is difficult for an attacker to exploit this vulnerability and may require special conditions.
• An attacker does not need any special privileges or access rights.
• No user interaction is needed for the attacker to exploit this vulnerability.
• The vulnerability can affect other systems as well, not just the initial system.
• There is a high impact on the confidentiality of the information.
• There is a high impact on the integrity of the data.
• There is a high impact on the availability of the system.

More details can be found in DevGuard

Slash Commands

You can use the following slash commands to interact with this vulnerability:

• /accept <Justification> or /a <Justification> - Accept the risk
• /false-positive <Justification> or /fp <Justification> - Mark the risk as false positive
• /reopen <Justification> or /r <Justification> - Reopen the risk

---

Risk exceeds predefined threshold

[timbastin]

Ticket was only opened in accident. Accident is fixed: l3montree-dev/devguard@4cb641d