CVE-2024-32002 | Git | RCE

Vulnerability	CVE-2024-32002
Type	Remote Code Execution “RCE”
Description	CVE-2024-32002 is a vulnerability in Git SCM affecting specific versions that allows attackers to exploit submodules to write files into the `.git/` directory using symbolic links and case-insensitive filesystems.
The Impact of the Bug	This vulnerability can lead to remote code execution (RCE) by executing a malicious hook script during a `git clone` operation, potentially compromising the system.
How to detect if you have a vulnerable application to this attack vector?	Check if your Git version is one of the affected versions (2.45.1 and others listed). Assess the use of symbolic links and case-insensitive filesystems.
Exploitation	The exploit involves setting up a malicious repository with a submodule containing a symbolic link to its `.git/` directory, where a hook script resides. When cloned on a vulnerable system, the script is executed, potentially allowing for RCE. Disable symbolic links with `git config --global core.symlinks false` could be used to prevent exploitation. IN-THE-WILD In-The-Wild exploits for this CVE set up a malicious Git repository that uses a submodule and symbolic links to create a scenario where cloning the repository triggers the execution of a malicious Git hook. The script suggests running a `git clone --recursive` command on the repo, which includes the malicious setup. This cloning process executes the malicious hook, potentially allowing remote code execution.
References	https://github.com/safebuffer/CVE-2024-32002 https://kondukto.io/blog/git-scm-affected-by-cve-2024-32002