CVE-2020-27955 Git LFS RCE
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
Git LFS (Large File Storage) is a Git extension developed by Atlassian, GitHub, and a few other open source contributors, that reduces the impact of large files in your repository by downloading the relevant versions of them lazily. Specifically, large files are downloaded during the checkout process rather than during cloning or fetching. Git LFS 2.12.0 allows Remote Code Execution.
Watch the video to learn more about this and other important vulnerabilities.
The CVSS Base Score is 9.8 (Critical)
Git LFS 2.12.0. As per this site, it affects lot more products, like Git / GitHub CLI / GitHub Desktop, Basically the whole Windows dev world which uses git.
This vulnerability is reported by MITRE
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server like GitHub.com or GitHub Enterprise. So, exploiting this vulnerability and placing backdoor can exfiltrate your data sensitive data. This vulnerability can also be used to perform lateral movement and exploit other Git based vulnerabilities. Public exploits are available here and here. There are video on YouTube showing how to exploit GitHub desktop. As per GitHub page – this vulnerability affects and is tested on git, GitHub CLI, GitHub Desktop, Visual Studio Code, SourceTree, SmartGit, GitKraken
Virsec Security Platform (VSP) Support
The Virsec Security Platform (VSP)-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.
Download the full vulnerability report to learn more about this and other important vulnerabilities.