Pierluigi Paganini January 27, 2025

Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials.

Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to access user credentials.

The vulnerabilities stem from the improper handling of messages in Git’s credential retrieval protocol.

In October 2024, the researcher while hunting bugs for the GitHub Bug Bounty program shifted focus from GitHub Enterprise Server to GitHub Desktop. Upon reviewing its source code, he discovered a bug allowing malicious repositories to leak user credentials. Intrigued, the expert decided to analyze other Git-related projects, uncovering several additional vulnerabilities.

The Git Credential Protocol was used to retrieve credentials from helpers like git-credential-store and git-credential-osxkeychain, the researcher RyotaK discovered multiple flaws causing credential leakage.

Git retrieves credentials from helpers by exchanging structured messages separated by newline characters. To prevent property injection, Git blocks newline and NULL bytes in property names and values.

The researcher discovered that GitHub Desktop’s credential helper, “trampoline,” improperly handled the Git Credential Protocol due to differences in how line terminators (\n, \r, etc.) were processed. An attacker can use a crafted URL with carriage return (%0d) to manipulate how the credentials are parsed. This caused GitHub Desktop to associate credentials with the wrong host (e.g., github.com instead of localhost), leading to credential leaks.

This GitHub Desktop improper regular expression issue has been tracked as CVE-2025-23040.

The researcher also reported a Git LFS newline injection, tracked as CVE-2024-53263, that could lead to credential compromise.

The Git’s researchers addressed the vulnerabilities caused by carriage return smuggling, and tracked by the organization as CVE-2024-52006), by introducing a defense-in-depth measure by validating the credential protocol. A new credential.protectProtocol configuration, enabled by default, blocks URLs containing carriage return characters (\r). This patch mitigates potential credential leaks across all credential helpers, including Git LFS.

GitHub CLI was found to leak access tokens to arbitrary hosts (CVE-2024-53858) due to a logic flaw in its tokenForHost function. While not affected by carriage return smuggling, the IsEnterprise function incorrectly classified non-GitHub-owned hosts as enterprise hosts, allowing access tokens (e.g., GH_ENTERPRISE_TOKEN or GITHUB_TOKEN) to be sent to malicious hosts. The expert pointed out that the flaw is especially critical in GitHub Codespaces, where the CODESPACES environment variable is always set to true, enabling token leakage when cloning malicious repositories.

“As we saw, text-based protocols are often vulnerable to injection, and a small architecture flaw can lead to a big security issue.” reads the report published by the researcher. “I hope that this research helped the Git community to improve its security, and I am looking forward to seeing further research on Git-related projects.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, credential leakage)