Headline
GHSA-xxmh-rf63-qwjv: GitProxy Backfile Parsing Exploit
Summary
An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.
Details
The affected version of parsePush.ts attempts to locate the Git PACK file by looking for the last occurrence of the string “PACK” in the incoming push payload:
const packStart = buffer.lastIndexOf('PACK');
This assumes that any “PACK” string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.
An attacker could abuse this by:
- Crafting a custom packfile using low-level Git tools or by manually forging one
- Placing the string “PACK” inside a commit body or a binary file blob that appears after the real PACK start in the stream.
The parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.
PoC
- Make a commit on any branch (example:
test-branch) containing the string “PACK” - Manually generate a custom packfile with both branches using
git pack-objectsor a low-level library/custom script: a) Add the string “PACK” after the real packfile’s PACK header in the binary stream - Push using a custom client/raw protocol injection
Impact
Attackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.
The vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.
Summary
An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.
Details
The affected version of parsePush.ts attempts to locate the Git PACK file by looking for the last occurrence of the string “PACK” in the incoming push payload:
const packStart = buffer.lastIndexOf(‘PACK’);
This assumes that any “PACK” string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.
An attacker could abuse this by:
- Crafting a custom packfile using low-level Git tools or by manually forging one
- Placing the string “PACK” inside a commit body or a binary file blob that appears after the real PACK start in the stream.
The parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.
PoC
- Make a commit on any branch (example: test-branch) containing the string “PACK”
- Manually generate a custom packfile with both branches using git pack-objects or a low-level library/custom script:
a) Add the string “PACK” after the real packfile’s PACK header in the binary stream - Push using a custom client/raw protocol injection
Impact
Attackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.
The vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.
References
- GHSA-xxmh-rf63-qwjv
- finos/git-proxy@333c98a
- finos/git-proxy@a620a2f
- https://github.com/finos/git-proxy/releases/tag/v1.19.2