GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
Released: Jan 14, 2025
- Assigning CNA
- GitHub
- CVE.org link
- CVE-2024-50338
- Impact
- Information Disclosure
- Max Severity
- Important
- Weakness
- CVSS Source
- GitHub
- Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
- Metrics
- CVSS:3.1 7.4 / 6.4Base score metrics: 7.4 / Temporal score metrics: 6.4
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Exploit Code Maturity
Unproven
Remediation Level
Official Fix
Report Confidence
Confirmed
Please see Common Vulnerability Scoring System for more information on the definition of these metrics.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation Less Likely
FAQ
Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application.
Acknowledgements
- Anonymous
Security Updates
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.
- 17.12.4
- 17.10.10
- 17.8.17
- 17.6.22
- 16.11.43
- 15.9.69
Disclaimer
Revisions
Information published.