PT-2023-5862 · Git · Git For Windows

Ycdxsb · Published 2022-11-08 · Updated 2023-05-04 · CVE-2023-29012

CVSS v3.1: 7.2 High

Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Git for Windows versions prior to 2.40.1

Description

The issue is an Uncontrolled Search Path Element vulnerability. It affects users of Git CMD who start it in an untrusted directory: a maliciously placed doskey.exe is then executed silently. This could potentially enable an attacker to execute arbitrary code.

Recommendations

If you run a version prior to 2.40.1, update to Git for Windows version 2.40.1 to resolve the issue. As a temporary workaround, avoid using Git CMD or, if you do use Git CMD, avoid starting it in an untrusted directory.

Exploit

Fix

Information Disclosure

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2023-06554
BDU:2023-06555
BDU:2023-06647
CVE-2023-29012
GHSA-GQ5X-V87V-8F7G

Affected Products

Git For Windows