PT-2022-6487 · Git+2

Mark Esler · Published 2022-02-11 · Updated 2025-09-10 · CVE-2022-24975

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Git versions through 2.35.1

Description

The issue is related to the disclosure of information in the error data area of the distributed version control system Git. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. The --mirror documentation for Git does not mention the availability of deleted content, also known as the "GitBleed" issue. It has been noted that around 18% of secrets in 50,000 public repositories were missed when using the standard git clone command instead of git clone --mirror.

Recommendations

For Git versions through 2.35.1, consider using the git clone --mirror command instead of the standard git clone command to ensure that all data, including deleted content, is cloned and audited. Additionally, utilize features such as push protection and pre-commit hooks to prevent secrets from being committed to repositories. If secrets have already been committed, contact technical support for assistance.
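The audit gap described above, as an added example that is not part of the original advisory: it builds a throwaway repository, leaves a commit reachable only from a ref outside refs/heads and refs/tags, and counts what a secret scan could see in each kind of clone. The marker string, the ref name refs/audit-demo/leftover and all paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed repository and constructed marker string.
MARKER="CONSTRUCTED-SECRET-MARKER"

# Build a throwaway origin where the commit holding MARKER is reachable only
# from a ref outside refs/heads and refs/tags (hypothetical ref name).
make_origin() {
    git init -q "$1" &&
    git -C "$1" config user.email "audit@example.invalid" &&
    git -C "$1" config user.name "Audit Demo" &&
    echo "readme" > "$1/README" &&
    git -C "$1" add README &&
    git -C "$1" commit -q -m "initial" &&
    echo "token=$MARKER" > "$1/config.env" &&
    git -C "$1" add config.env &&
    git -C "$1" commit -q -m "add config" &&
    git -C "$1" update-ref refs/audit-demo/leftover HEAD &&
    git -C "$1" reset -q --hard HEAD~1
}

# Count commits reachable from any ref in repo $1 that add or remove MARKER.
count_hits() {
    git -C "$1" log --all --format=%H -S"$MARKER" | wc -l | tr -d ' '
}

# Clone the origin both ways over file:// (a plain local path would copy the
# whole object store and hide the difference), then print "standard mirror".
compare_clones() {
    work=$(mktemp -d) || return 1
    make_origin "$work/origin" || return 1
    git clone -q "file://$work/origin" "$work/standard" || return 1
    git clone -q --mirror "file://$work/origin" "$work/mirror.git" || return 1
    echo "$(count_hits "$work/standard") $(count_hits "$work/mirror.git")"
    rm -rf "$work"
}

compare_clones
```

The standard clone fetches only branches and tags, so a scanner run over it never sees the commit; the mirror clone copies every ref and the same scan finds it.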

Exploit

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2023-6975
ALT-PU-2024-7048
ALT-PU-2024-7581
ALT-PU-2024-8904
BDU:2023-01718
CVE-2022-24975
ECHO-29CA-E62D-EEC0

Affected Products

Alt Linux
Debian
Git