Git Credential Disclosure Vulnerability (CVE-2020-5260) Threat Alert

May 1, 2020

Vulnerability Description

On April 15, Git issued a security bulletin announcing a vulnerability that could reveal Git user credentials (CVE-2020-5260). Git uses a credential helper to store and retrieve credentials. But when a URL contains an encoded newline (%0a), it may inject unexpected values into the protocol stream of the credential helper.  This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Users should take preventive measures as soon as possible. (more…)


Subscribe to the NSFOCUS Blog