CVE-2023-40267 is a newly discovered vulnerability in the GitPython library, specifically affecting versions before 3.1.32. This vulnerability is related to the inadequate blocking of insecure non-multi options in the clone and clone_from functions. It's important to note that this issue exists due to an incomplete fix for a previously discussed vulnerability, CVE-2022-24439.

This blog post will discuss the details of CVE-2023-40267, providing code snippets, links to original references, and exploit details.

Vulnerability Details

GitPython is a widely used library that lets developers interact with Git repositories from Python scripts. It serves as an interface between the Git command-line tool and Python code, translating Python arguments into git command-line options.

The vulnerability exists in the clone and clone_from functions of the affected versions (prior to 3.1.32) because they fail to block insecure non-multi options, that is, options supplied as ordinary keyword arguments (such as config=...) rather than through the multi_options list. As a result, an attacker who controls such an argument could execute commands on the victim's system through GitPython's clone and clone_from calls.

vulnerable_example.py:

import git

# Assume user input gets assigned to this variable (attacker-controlled value)
user_input = "--config filter.secret.clean='x-first:secret && echo Exploited!'"

repo_url = "https://github.com/user/repo.git"
repo_clone_path = "/tmp/cloned_repo"

# Vulnerable clone_from call: the config keyword argument is passed through
# to git as a --config option, and versions before 3.1.32 do not check it
git.Repo.clone_from(repo_url, repo_clone_path, config=user_input)

In the above example, an attacker could craft a malicious user_input string that, when passed through the config keyword argument of clone_from, is turned into a git --config option and executes arbitrary shell commands during the cloning process, as the echo Exploited! portion illustrates.

Exploit Details

Exploiting this vulnerability involves crafting a malicious input that is then passed to the config parameter in the clone_from function call. Because the vulnerability stems from insecure handling of input, any application that uses an affected GitPython version and does not properly validate user input is susceptible to exploitation.

To protect your applications against this vulnerability, validate any user input that will be passed to GitPython functions and update the GitPython library to version 3.1.32 or later, which includes a patch for this issue.
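One way to enforce that validation in application code before the call ever reaches GitPython, checking both the multi_options list and the keyword-argument form that this CVE concerns. This is an added example, not GitPython's own code; the blocked-option set and the helper names are assumptions made for this illustration.

```python
# Added example: a defensive pre-check for GitPython clone options.
# Not GitPython's own code; the blocked-option set and the helper names
# are assumptions chosen for this illustration.
from typing import Iterable, List, Optional

# git clone options that let the caller run a program or rewrite git config
# during the clone. Both spellings matter because GitPython turns a keyword
# argument such as config="..." or c="..." into the same flags.
UNSAFE_CLONE_OPTIONS = {"--upload-pack", "-u", "--config", "-c"}


def _flag_from_multi_option(raw: str) -> str:
    """Reduce one multi_options entry ('--config k=v', '-c k=v', '-ck=v') to its flag."""
    parts = raw.strip().split()
    token = parts[0].split("=", 1)[0] if parts else ""
    if token.startswith("-") and not token.startswith("--") and len(token) > 2:
        token = token[:2]  # short flag with attached value, e.g. "-ck=v" -> "-c"
    return token


def _flag_from_kwarg(name: str) -> str:
    """Mirror how a keyword argument becomes a git flag: 'c' -> '-c', 'upload_pack' -> '--upload-pack'."""
    return "-" + name if len(name) == 1 else "--" + name.replace("_", "-")


def find_unsafe_clone_options(multi_options: Optional[Iterable[str]] = None, **kwargs) -> List[str]:
    """Return the sorted set of unsafe git flags present in either option form."""
    flags = {_flag_from_multi_option(o) for o in (multi_options or [])}
    flags |= {_flag_from_kwarg(k) for k in kwargs}
    return sorted(flags & UNSAFE_CLONE_OPTIONS)


def guarded_clone(url: str, to_path: str, multi_options: Optional[List[str]] = None, **kwargs):
    """Refuse the clone outright if any unsafe option is present; otherwise delegate to GitPython."""
    unsafe = find_unsafe_clone_options(multi_options, **kwargs)
    if unsafe:
        raise ValueError(f"refusing clone: unsafe git options {unsafe}")
    import git  # imported here so the check above works even where GitPython is absent
    return git.Repo.clone_from(url, to_path, multi_options=multi_options, **kwargs)


if __name__ == "__main__":
    # Constructed inputs: a tainted keyword argument and a benign option list.
    print(find_unsafe_clone_options(config="core.editor=vi"))           # ['--config']
    print(find_unsafe_clone_options(["--depth 1"], single_branch=True))  # []
```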

Original References

1. CVE-2023-40267 - National Vulnerability Database
2. GitPython GitHub Repository
3. GitPython Release v3.1.32 - Fix for CVE-2023-40267
4. CVE-2022-24439 - Incomplete Fix Reference

Conclusion

CVE-2023-40267 is a security vulnerability in GitPython, resulting from an incomplete fix for a previously known vulnerability. This issue affects the clone and clone_from functions in versions of GitPython before 3.1.32, as they do not block insecure non-multi options properly.

The consequences of exploiting this vulnerability could include arbitrary code execution and unauthorized access to sensitive information. To mitigate this risk, developers should validate user input passed to GitPython functions and update the library to version 3.1.32 or later, which includes a patch for this vulnerability.

Timeline

Published on: 08/11/2023 07:15:00 UTC
Last modified on: 08/25/2023 03:15:00 UTC