CVE-2019-1211
📋 TL;DR
This is an elevation of privilege vulnerability in Git for Visual Studio where improper parsing of configuration files allows authenticated attackers to execute code as another local user. Attackers must modify Git configuration files before full installation and convince another user to run specific Git commands. Affects users of Git for Visual Studio with vulnerable configurations.
💻 Affected Systems
- Git for Visual Studio
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full control of another user's account, executes arbitrary code with their privileges, potentially leading to complete system compromise.
Likely Case
Limited privilege escalation within shared development environments where users might execute Git commands on modified configurations.
If Mitigated
No impact if proper file permissions prevent unauthorized configuration modifications or if all users have patched installations.
🎯 Exploit Status
Requires authenticated access to modify configuration files and social engineering to convince another user to execute specific Git commands.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update through Microsoft security update mechanism
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211
Restart Required: No
Instructions:
1. Open Visual Studio.
2. Go to Help > Check for Updates.
3. Install all available updates.
4. Alternatively, use Windows Update to install the latest security updates for Visual Studio components.
🔧 Temporary Workarounds
Restrict configuration file permissions
Windows: Set strict permissions on Git configuration files to prevent unauthorized modifications
icacls "%USERPROFILE%\.gitconfig" /inheritance:r /grant:r "%USERNAME%:(R,W)"
icacls "C:\Program Files\Git\etc\gitconfig" /inheritance:r /grant:r "Administrators:(F)" /grant:r "SYSTEM:(F)"
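To confirm that the permissions applied above actually hold, the following PowerShell audit lists every ACE on the user and system gitconfig that still grants write-type rights to a principal other than the file's owner, Administrators or SYSTEM, and flags files that still inherit ACEs from their parent directory (a parent-directory change could then widen access again). This is an added example, not part of the advisory; the two paths mirror the icacls commands and any other Git installation path is an assumption to adjust.

```powershell
# Added example (not from the advisory): audit the ACLs on the Git configuration
# files from the icacls workaround. Paths other than these two are assumptions.
$ConfigPaths = @(
    (Join-Path $env:USERPROFILE '.gitconfig'),
    'C:\Program Files\Git\etc\gitconfig'
)

# Any of these rights lets the holder alter, replace or re-permission the file.
$WriteRights = [System.Security.AccessControl.FileSystemRights] `
    'Write, Modify, FullControl, Delete, WriteData, AppendData, TakeOwnership, ChangePermissions'

# Principals allowed to keep write access (matches the icacls grants above).
$TrustedPrincipals = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Get-GitConfigAclFinding {
    param([Parameter(Mandatory)][string]$Path)

    # A missing file is not a finding; there is nothing an attacker can pre-seed.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return }

    $acl = Get-Acl -LiteralPath $Path

    # Inherited ACEs mean a change on the parent directory silently changes this file's ACL.
    if (-not $acl.AreAccessRulesProtected) {
        [pscustomobject]@{ Path = $Path; Principal = '(inherited)'; Rights = 'inheritance enabled' }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Skip ACEs that grant no write-type right at all.
        if (([int]($ace.FileSystemRights -band $WriteRights)) -eq 0) { continue }
        $who = $ace.IdentityReference.Value
        if ($who -eq $acl.Owner -or $TrustedPrincipals -contains $who) { continue }
        [pscustomobject]@{ Path = $Path; Principal = $who; Rights = $ace.FileSystemRights }
    }
}

$findings = foreach ($p in $ConfigPaths) { Get-GitConfigAclFinding -Path $p }
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No write access beyond owner/Administrators/SYSTEM on the checked files.'
}
```

Run it from an elevated PowerShell so the system-wide gitconfig under Program Files is readable; an empty result means the workaround is in place, while any row naming Users, Authenticated Users or another account is a file that a different local user could still modify.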
🧯 If You Can't Patch
- Ensure all Git installations are complete and configuration files have proper restrictive permissions.
- Implement user awareness training about not executing Git commands on untrusted or shared systems.
🔍 How to Verify
Check if Vulnerable:
Check if Git for Visual Studio is installed and verify version is not the latest patched version through Visual Studio About dialog.
Check Version:
In Visual Studio: Help > About Microsoft Visual Studio
Verify Fix Applied:
Verify Visual Studio and Git components are updated to latest versions through Windows Update history or Visual Studio installer.
📡 Detection & Monitoring
Log Indicators:
- Unexpected modifications to .gitconfig files in user profiles
- Git command execution errors related to configuration parsing
Network Indicators:
- None - this is a local privilege escalation vulnerability
SIEM Query:
EventID=4663 AND ObjectName LIKE "%.gitconfig" AND Accesses="WriteData"
Note: Windows only emits Event ID 4663 when object access auditing is enabled (Audit File System) and the file itself carries a SACL that audits write access, so the query returns nothing unless that auditing has been configured on the gitconfig files.
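The same condition as the SIEM query, evaluated directly against the local Security log with PowerShell, is shown below as an added example (not part of the advisory). It reads the named event fields from the event XML rather than relying on positional property indexes, and treats the FILE_WRITE_DATA (0x2) and FILE_APPEND_DATA (0x4) bits of AccessMask as the "WriteData"/"AppendData" accesses. The seven-day lookback window is an assumption.

```powershell
# Added example (not from the advisory): list 4663 events where a .gitconfig
# was opened for write. Requires object-access auditing and a SACL on the file.
$Since = (Get-Date).AddDays(-7)   # lookback window; assumption, adjust as needed

# FILE_WRITE_DATA (0x2) and FILE_APPEND_DATA (0x4) from the 4663 AccessMask.
$WriteMask = 0x2 -bor 0x4

function Get-GitConfigWriteEvent {
    param([Parameter(Mandatory)][datetime]$StartTime)

    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $StartTime }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the EventData fields by name from the event XML.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Same predicate as the SIEM query: a .gitconfig object with a write access.
        if ($data['ObjectName'] -notlike '*.gitconfig') { return }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if (($mask -band $WriteMask) -eq 0) { return }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            Process = $data['ProcessName']
            Object  = $data['ObjectName']
            Access  = ('0x{0:X}' -f $mask)
        }
    }
}

Get-GitConfigWriteEvent -StartTime $Since | Sort-Object Time | Format-Table -AutoSize
```

The interesting rows are those where the subject user differs from the owner of the profile the .gitconfig lives in, or where the writing process is not git, the Visual Studio installer or a known editor; those are the writes the "Log Indicators" above describe.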