Security News

Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)
2023-01-19 12:04

A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. Aside from the two critical issues, a high severity flaw has also been patched in the Git GUI for Windows.

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
2023-01-18 09:28

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as well as GitLab's Joern Schneeweisz have been credited with reporting the bugs.

Git patches two critical remote code execution security flaws
2023-01-17 23:26

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. A third, Windows-specific flaw impacting the Git GUI tool, caused by an untrusted search path weakness, enables unauthenticated threat actors to run untrusted code in low-complexity attacks.

Nosey Parker: Find sensitive information in textual data and Git history
2022-12-14 04:30

Praetorian has open-sourced the regular expression-based scanning capabilities of its Nosey Parker secret scanning tool. Nosey Parker addresses the pervasive problem of secret exposure in source code and configuration files where sensitive information such as passwords, API keys, access tokens, asymmetric private keys, client secrets, and credentials exist.

Git for Windows issues update to fix running-someone-else’s-code vuln
2022-04-13 13:00

After a hefty Patch Tuesday comes news of an update for Git to deal with a vulnerability for the source shack when run on Microsoft's Windows. The update is solely concerned with CVE-2022-24765, an interesting bug which afflicts the Git for Windows fork of Git.

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
2021-10-12 21:39

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys.

GitHub picks Friday 13th to kill off password-based Git authentication
2021-08-12 23:20

If your Git operations start failing on Friday, August 13 with GitHub, it may well be because you're still using password authentication - and you need to change that. In December, the source-code-hosting giant warned it will end password-based authentication for Git pushes and the like.

GitHub deprecates account passwords for authenticating Git operations
2021-08-12 22:10

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. "Starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on GitHub.com," the company said.

GitHub now supports security keys when using Git over SSH
2021-05-10 20:09

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. "Once generated, you add these new keys to your account just like any other SSH key," GitHub Senior Security Engineer Kevin Jones said.

PHP's Git server hacked to add backdoors to PHP source code
2021-03-29 07:32

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.