CVE-2023-29012 HIGH

CVE-2023-29012: Git CMD erroneously executes `doskey.exe` in the current directory, if it exists

Vendor Git-For-Windows
Product git
Weakness CWE-427
Published April 25, 2023
Last update February 3, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.

Key dates

02Disclosure timeline

April 25, 2023 CVE published
February 3, 2025 Record updated