Security researcher finds related attacks and dubbed them Clone2Leak
This allowed threat actors to leak credentials through Git’s credential helper
Patches are already available, so update now
A number of flaws was recently found in distributed version control system Git’s credential helper which allowed malicious actors to exfiltrate login credentials from different projects. It was responsibly disclosed to the developers and shut down.
Git’s credential helper is a feature that securely manages credentials (usernames and passwords, or personal access tokens) required to authenticate with remote repositories. It simplifies authentication by caching or storing credentials so users don’t need to repeatedly enter them for every Git operation.
Leave a comment