Summary: Recent security vulnerabilities identified in GitHub Desktop and related Git projects expose user credentials due to improper handling of URLs, potentially allowing attackers to gain unauthorized access. The identified flaws highlight the risks of malformed URLs and credential leakage through various systems, including Git Credential Manager and Git CLI. Users are urged to update their software and to use caution when cloning repositories.
Affected: GitHub Desktop, Git Credential Manager, Git LFS, GitHub CLI
Keypoints:
- Multiple vulnerabilities (CVE-2025-23040, CVE-2024-50338, CVE-2024-53263, CVE-2024-53858) can leak Git credentials if exploited.
- GitHub Desktop is vulnerable to credential leakage through manipulated remote URLs due to improper handling of carriage return characters.
- Users should update to the latest version (v2.48.1) and avoid using credential helpers with untrusted repositories to mitigate risks.
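The keypoints above describe credential leakage through remote URLs that carry carriage return characters. The following Python code is an added example, not code from GitHub Desktop or any of the affected projects: it shows the two defensive checks a client or credential helper wrapper can apply, rejecting remote URLs that contain control characters, and rejecting any field of the line-oriented `key=value` request that Git sends to credential helpers if a key or value contains a control character. The sample URLs and hostnames (`untrusted.example`) are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# C0 control characters (including CR 0x0d and LF 0x0a) and DEL never belong in a
# remote URL or in a credential-helper field.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Schemes a Git client would normally accept for a remote (assumption for this example).
_ALLOWED_SCHEMES = {"https", "http", "ssh", "git"}


def remote_url_is_safe(url: str) -> bool:
    """Return True only if the URL is free of control characters and has a parseable host."""
    if _CONTROL_CHARS.search(url):
        return False
    parts = urlsplit(url)
    if parts.scheme not in _ALLOWED_SCHEMES:
        return False
    return bool(parts.hostname)


def parse_credential_request(raw: str) -> dict:
    """Parse the newline-delimited key=value request Git passes to a credential helper.

    Raises ValueError if a line is malformed, a key is repeated, or a key or value
    contains a control character. Checking for CR here matters because a URL that
    smuggles a CR into the host field would otherwise survive a plain split on LF.
    """
    fields = {}
    for line in raw.split("\n"):
        if line == "":
            continue  # blank line terminates the request
        if "=" not in line:
            raise ValueError(f"malformed line: {line!r}")
        key, value = line.split("=", 1)
        if _CONTROL_CHARS.search(key) or _CONTROL_CHARS.search(value):
            raise ValueError(f"control character in field {key!r}")
        if key in fields:
            raise ValueError(f"duplicate field {key!r}")
        fields[key] = value
    return fields


def credential_request_is_safe(raw: str) -> bool:
    """Boolean wrapper around parse_credential_request for callers that only need a verdict."""
    try:
        parse_credential_request(raw)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample: a clean remote and one carrying a carriage return.
    clean = "https://github.com/example/repo.git"
    crafted = "https://github.com/example/repo.git\rhost=untrusted.example"
    print("clean URL safe:", remote_url_is_safe(clean))      # True
    print("crafted URL safe:", remote_url_is_safe(crafted))  # False

    request = "protocol=https\nhost=github.com\n"
    print("request fields:", parse_credential_request(request))
```

Rejecting the request outright, rather than stripping the offending character, is the safer choice: a silently cleaned value could still be routed to a host the user never intended.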
Source: https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html