{"vulnerability": "CVE-2023-29011", "sightings": [{"uuid": "0e76e0f2-cd45-4945-8ab9-ca9e00a59a9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29011", "type": "seen", "source": "https://t.me/cibsecurity/62862", "content": "\u203c CVE-2023-29011 \u203c\n\nGit for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `:\\etc\\connectrc` files on multi-user machines.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2024-11-06T18:36:43.000000Z"}]}