Three of the most popular version control systems (VCSs) used in managing source code projects are vulnerable to a flaw that allows an attacker to run code on a victim's platform, potentially leading to the theft of source code or the hijacking of the underlying machine.
Discovered by Joern Schneeweisz, a security researcher for Recurity Labs, the flaw relies on tricking users into cloning (copying) a source code project via an "ssh://" link.
Social engineering not necessary to exploit the flaw
Schneeweisz says that a URL in the form of "ssh://-oProxyCommand=some-command" allows an attacker to execute commands on the computer of the user performing the clone operation.
"While it might be tricky to convince a user to clone a repository with a rather shady looking ssh:// URL, this attack vector is exploitable in a more sneaky way when it comes to Git submodules," Schneeweisz explains.
"It is possible to create a Git repository that contains a crafted ssh:// submodule URL. When such a repository is cloned recursively, or the submodule is updated, the ssh:// payload will trigger," the researcher added.
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Pentest tools left online are allowing hackers to exploit Fortune 500 firms