A set of three distinct but related attacks, dubbed ‘Clone2Leak,’ can leak credentials by exploiting how Git and its credential helpers handle authentication requests.
The attack can compromise passwords and access tokens in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and the Git Credential Manager.
The flaws that make ‘Clone2Leak’ possible were discovered by Japanese researcher RyotaK of GMO Flatt Security, who reported them responsibly to the affected projects.
Security updates addressing all flaws have been made available, and impacted users are urged to ensure they’re running a safe release to mitigate the risk of having their secrets leaked.
Clone2Leak attacks
Each of the flaws discovered by RyotaK revolves around improper parsing of authentication…