Cyber Resilience

CVE-2024-52006

Low

Published: 14 January 2025

Published
14 January 2025
Modified
18 December 2025
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0336 87.6th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-52006 is a low-severity Improper Encoding or Escaping of Output (CWE-116) vulnerability in Git Git. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked in the top 12.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-52006 affects Git, a distributed revision control system, specifically its line-based protocol used to exchange information between Git and credential helpers. Certain ecosystems, most notably .NET and node.js, interpret single Carriage Return (CR) characters as newlines, rendering the existing protections against CVE-2020-5260 incomplete for credential helpers that process CRs in this way. The vulnerability is associated with CWE-116 (Improper Encoding or Escaping of Output), CWE-147 (Less Robust Fix), and CWE-150 (Improper Neutralization of CRLF Sequences), and impacts Git versions prior to the patched releases.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), allowing remote, unauthenticated attackers with low complexity and no user interaction to achieve high-impact confidentiality violations. Exploitation occurs when users clone repositories from untrusted sources, where attackers can manipulate protocol responses using CR characters to bypass safeguards, potentially leading to unauthorized access to stored credentials via affected credential helpers.

Git has addressed the issue in commit b01b9b81d36759cdcd07305e78765199e1bc2060, which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Security practitioners should advise users to upgrade immediately. For those unable to upgrade, mitigation involves avoiding clones from untrusted URLs, particularly recursive clones. Detailed advisories are available from Git's GitHub security pages (GHSA-qm7j-c969-7j4q, GHSA-r5ph-xg7q-xfrp, and Git Credential Manager's GHSA-86c2-4x57-wc8g) and Debian LTS announcements.

EU & UK References

Vulnerability details

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git…

more

credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1555 Credentials from Password Stores Credential Access
Adversaries may search for common password storage locations to obtain user credentials.
Why these techniques?

Vulnerability enables bypass of credential helper protocol protections, directly facilitating theft of stored Git credentials/tokens from password stores or unsecured locations during clone operations from attacker-controlled repos.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-52005Same product: Git Git
CVE-2024-55581Same product: Debian Debian Linux
CVE-2025-62600Same product: Debian Debian Linux
CVE-2025-62603Same product: Debian Debian Linux
CVE-2025-0781Same product: Debian Debian Linux
CVE-2025-1080Same product: Debian Debian Linux
CVE-2025-68670Same product: Debian Debian Linux
CVE-2026-25061Same product: Debian Debian Linux
CVE-2025-38352Same product: Debian Debian Linux
CVE-2025-62599Same product: Debian Debian Linux

Affected Assets

git
git
2.48.0 · ≤ 2.40.4 · 2.41.0 — 2.41.3 · 2.42.0 — 2.42.4
debian
debian linux
11.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of flaws like CVE-2024-52006 by upgrading Git to patched versions that fix improper CR handling in credential helper protocols.

detect

Enables detection of vulnerable Git installations through vulnerability scanning that identifies outdated versions affected by CVE-2024-52006.

detect

Ensures receipt and dissemination of security advisories for CVE-2024-52006, facilitating awareness and initiation of patching or workaround measures.

References