Clone2Leak Attacks Exploit Git Flaws to Steal Credentials

Clone2Leak attacks exploit Git vulnerabilities, allowing attackers to steal credentials from GitHub Desktop, Git LFS, and other tools via carriage return smuggling, newline injection, and logic flaws.

A new set of attacks, dubbed “Clone2Leak,” exploits vulnerabilities in Git and its credential helpers to steal sensitive information.

These attacks target popular tools like GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager.

The vulnerabilities allow attackers to trick Git into leaking stored credentials, including passwords and access tokens, to malicious servers.

The Clone2Leak attacks leverage three distinct flaws:

• Carriage return smuggling (CVE-2025-23040 and CVE-2024-50338): GitHub Desktop and Git Credential Manager incorrectly interpret carriage return characters in URLs. A malicious submodule URL containing %0D can redirect credentials to an attacker’s server.
• Newline injection (CVE-2024-53263): Git LFS allows newline characters in .lfsconfig files, bypassing security measures. Attackers can manipulate credential requests to redirect credentials to a malicious server.
• Logic flaws in credential retrieval (CVE-2024-53858): GitHub CLI and GitHub Codespaces had overly permissive credential helpers. This allowed attackers to steal GitHub access tokens by tricking users into cloning malicious repositories within Codespaces.

Japanese researcher RyotaK of GMO Flatt Security responsibly disclosed these vulnerabilities.

Security updates are available for all affected projects. Users are urged to update their software to the following versions: GitHub Desktop 3.4.12 or newer, Git Credential Manager 2.6.1 or newer, Git LFS 3.6.1 or later, and gh CLI 2.63.0 or later.

Enabling Git’s credential.protectProtocol is also recommended. While active exploitation isn’t yet confirmed, the risk is elevated now that the details are public. Clone2Leak attacks highlight the importance of regularly updating software and practicing safe coding habits.
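As an added example (not code from the article or from any of the affected projects), the Python below shows the defensive side of the carriage return and newline flaws described above: a pre-clone check that flags submodule or LFS URLs carrying raw or percent-encoded CR/LF in a .gitmodules or .lfsconfig file, and a credential-request parser that contrasts a lenient line reader (one that treats a bare CR as a line break) with the strict refusal that credential.protectProtocol enforces. The config text and credential request are constructed sample inputs, and attacker.example is a placeholder host.

```python
import re
from urllib.parse import unquote

# Constructed sample .gitmodules content (not taken from the article).
# The first submodule URL carries a percent-encoded carriage return (%0D).
SAMPLE_GITMODULES = """[submodule "vendor/lib"]
\tpath = vendor/lib
\turl = https://github.com/example/%0Dlib.git
[submodule "vendor/ok"]
\tpath = vendor/ok
\turl = https://github.com/example/ok.git
"""

# Config keys whose values are URLs in .gitmodules and .lfsconfig files.
URL_KEYS = ("url", "pushurl", "lfs.url", "lfs.pushurl")
CONTROL = re.compile(r"[\r\n]")


def find_control_char_urls(config_text: str) -> list[str]:
    """Return URL values from Git-style config text that contain a CR or LF,
    either raw or percent-encoded (%0D / %0A). Splitting on LF only keeps a
    raw CR inside a value so it can be detected."""
    hits = []
    for line in config_text.split("\n"):
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip().lower() not in URL_KEYS:
            continue
        value = value.strip()
        if CONTROL.search(value) or CONTROL.search(unquote(value)):
            hits.append(value)
    return hits


def parse_credential_request(raw: str, protect_protocol: bool) -> dict[str, str]:
    """Parse the key=value lines Git hands to a credential helper.

    Lenient mode mimics a helper whose line reader also breaks on a bare CR,
    so a CR smuggled into one value starts a new key=value pair. Strict mode
    behaves like Git's credential.protectProtocol and refuses the request."""
    if protect_protocol and "\r" in raw:
        raise ValueError("credential request contains a carriage return")
    fields: dict[str, str] = {}
    for line in raw.splitlines():  # splitlines() breaks on \r as well as \n
        if not line:               # an empty line terminates the request
            break
        key, _, value = line.partition("=")
        fields[key] = value
    return fields
```

Run the first function over a repository's .gitmodules and .lfsconfig before cloning or updating submodules; any hit is worth a manual look even on a patched client.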

The Clone2Leak attacks represent a significant security risk and demonstrate the ongoing need for prompt patching and secure coding practices in software development and usage.
