Microsoft · PowerShell · CVE-2022-24765
**Name of the Vulnerable Software and Affected Versions**
Git for Windows versions prior to 2.35.2
Git versions prior to the fix for this issue, exact version not specified
**Description**
The issue is that a `.git` folder can be created in a shared location, which an attacker could exploit to run arbitrary commands. This affects users working on multi-user machines where untrusted parties have write access to the same hard disk. The vulnerability can be exploited when Git operations are run outside a repository: Git then respects any config in that `.git` directory. Users of IDEs such as Visual Studio, as well as users of Git Bash and PowerShell, are vulnerable. The estimated number of potentially affected devices is not specified.
**Recommendations**
For Git for Windows versions prior to 2.35.2, update to version 2.35.2 or later to resolve the issue.
For users unable to upgrade, create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround.
Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the parent directory of the user profile, e.g., `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
As a temporary workaround, consider restricting access to the `.git` directory to minimize the risk of exploitation.
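
The recommendations above can be checked and applied from a PowerShell session. The script below is an added example, not part of the advisory: it reports the installed Git version against 2.35.2, lists any `.git` folder sitting in a parent directory or drive root, and persists `GIT_CEILING_DIRECTORIES` for the current user. The helper name `Get-ParentDirectory` is hypothetical, and the script assumes `git.exe` is on `PATH` and that `;` separates list entries on Windows.

```powershell
# Added example, not part of the advisory. Assumes git.exe is on PATH.
$fixed = [version]'2.35.2'   # fixed Git for Windows release named above

# 1. Installed version, e.g. "git version 2.35.1.windows.2" -> 2.35.1
$gitVersion = $null
if ((Get-Command git -ErrorAction SilentlyContinue) -and
    ((git --version) -match '(\d+\.\d+\.\d+)')) {
    $gitVersion = [version]$Matches[1]
}

# 2. Directories above the profile and the current directory, plus every
#    drive root: the shared locations where a foreign .git could sit.
function Get-ParentDirectory([string]$Path) {   # hypothetical helper
    $dir = (Get-Item -LiteralPath $Path -Force).Parent
    while ($dir) { $dir.FullName; $dir = $dir.Parent }
}
$dirs = @(Get-ParentDirectory $env:USERPROFILE) +
        @(Get-ParentDirectory (Get-Location -PSProvider FileSystem).Path) +
        @((Get-PSDrive -PSProvider FileSystem).Root) |
        Where-Object { $_ } | Sort-Object -Unique

# A .git created as the documented workaround also shows up here; the
# owner column tells it apart from one planted by another account.
$found = foreach ($d in $dirs) {
    $candidate = Join-Path $d '.git'
    if (Test-Path -LiteralPath $candidate) {
        $acl = Get-Acl -LiteralPath $candidate -ErrorAction SilentlyContinue
        [pscustomobject]@{ Path = $candidate; Owner = $acl.Owner }
    }
}

# 3. Add the parent of the profile (C:\Users for C:\Users\my-user-name) to
#    GIT_CEILING_DIRECTORIES. Assumption: ';' separates entries on Windows.
$ceiling = Split-Path -Parent $env:USERPROFILE
$current = @($env:GIT_CEILING_DIRECTORIES -split ';' | Where-Object { $_ })
if ($current -notcontains $ceiling) {
    $new = ($current + $ceiling) -join ';'
    [Environment]::SetEnvironmentVariable('GIT_CEILING_DIRECTORIES', $new, 'User')
    $env:GIT_CEILING_DIRECTORIES = $new   # also apply to this session
}

[pscustomobject]@{
    GitVersion    = $gitVersion
    Patched       = ($null -ne $gitVersion -and $gitVersion -ge $fixed)
    ParentGitDirs = $found
    Ceiling       = $env:GIT_CEILING_DIRECTORIES
} | Format-List
```

The ceiling only stops discovery for work done inside the user profile; for working directories elsewhere, the drive-root findings in `ParentGitDirs` are the relevant check.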