CVE-2022-31012

8.2 HIGH

📋 TL;DR

CVE-2022-31012 is a vulnerability in Git for Windows where the installer mistakenly executes a binary from C:\mingw64\bin\git.exe during fresh installations. This allows attackers to potentially execute arbitrary code by placing malicious files in that location. Only users performing fresh installations of affected Git for Windows versions are impacted.

💻 Affected Systems

Products:
  • Git for Windows
Versions: All versions prior to 2.37.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects fresh installations, not upgrades. Requires attacker to place malicious git.exe in C:\mingw64\bin\

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM privileges leading to complete system compromise

🟠 Likely Case: Local privilege escalation or arbitrary code execution if attacker can place files in C:\mingw64\bin\

🟢 If Mitigated: No impact if proper folder permissions or workarounds are implemented

🌐 Internet-Facing: LOW - Requires local access or ability to place files on target system
🏢 Internal Only: MEDIUM - Internal attackers with file write access could exploit this

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to write files to C:\mingw64\bin\ directory before installation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.37.1 and later

Vendor Advisory: https://github.com/git-for-windows/git/security/advisories/GHSA-gjrj-fxvp-hjj2

Restart Required: No

Instructions:

1. Download Git for Windows 2.37.1 or later from official sources.
2. Run the installer.
3. Choose 'Upgrade' if upgrading existing installation.

🔧 Temporary Workarounds

Create and secure mingw64 folder

Create C:\mingw64 folder and remove read/write permissions to prevent file placement

mkdir C:\mingw64
icacls C:\mingw64 /deny Everyone:(OI)(CI)(F)

Restrict folder creation in C:\

Disallow arbitrary authenticated users from creating folders in C:\ drive root

icacls C:\ /deny Everyone:(OI)(CI)(WD,AD)

🧯 If You Can't Patch

  • Perform upgrades instead of fresh installations when possible
  • Monitor for unauthorized file creation in C:\mingw64\bin\ directory

🔍 How to Verify

Check if Vulnerable:

Check the Git version with 'git --version'. If the version is earlier than 2.37.1 and it was installed as a fresh installation, the system is vulnerable.

Check Version:

git --version

Verify Fix Applied:

Run 'git --version' and confirm version is 2.37.1 or later. Check that C:\mingw64\bin\git.exe does not exist or has proper permissions.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing file creation in C:\mingw64\bin\
  • Installation logs showing Git for Windows installation

Network Indicators:

  • No network indicators - local exploitation only

SIEM Query:

EventID=4663 AND ObjectName LIKE 'C:\\mingw64\\bin\\%' AND AccessMask=0x100
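
An added example (not part of the original page or the vendor advisory): a Python filter that applies the query above to exported 4663 events, comparing paths case-insensitively after normalisation and decoding AccessMask as a bitfield (0x2 WriteData/AddFile, 0x4 AppendData/AddSubdirectory, 0x100 WriteAttributes) instead of testing one exact value. It assumes the events are already parsed into dicts with drive-letter ObjectName paths; the function names and the sample events are constructed for illustration.

```python
import ntpath

# File-object access bits as logged in the AccessMask field of event 4663.
WRITE_BITS = {
    0x2: "WriteData/AddFile",
    0x4: "AppendData/AddSubdirectory",
    0x100: "WriteAttributes",
}
WATCHED_DIR = r"C:\mingw64\bin"  # directory named on this page


def under_watched_dir(object_name: str) -> bool:
    """Case-insensitive, normalised check that a path lies inside WATCHED_DIR."""
    path = ntpath.normcase(ntpath.normpath(object_name))
    root = ntpath.normcase(WATCHED_DIR)
    return path == root or path.startswith(root + "\\")


def write_accesses(access_mask: str) -> list[str]:
    """Decode the hex AccessMask into the write-type rights it contains."""
    mask = int(access_mask, 16)
    return [name for bit, name in WRITE_BITS.items() if mask & bit]


def suspicious_events(events: list[dict]) -> list[dict]:
    """Return 4663 events that record a write-type access under WATCHED_DIR."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        rights = write_accesses(ev.get("AccessMask", "0x0"))
        if rights and under_watched_dir(ev.get("ObjectName", "")):
            hits.append({**ev, "Rights": rights})
    return hits


# Constructed sample events (assumed, already-parsed export format; values are made up).
SAMPLE_EVENTS = [
    {"EventID": 4663, "ObjectName": r"C:\mingw64\bin\git.exe", "AccessMask": "0x2"},
    {"EventID": 4663, "ObjectName": r"c:\MINGW64\BIN\git.exe", "AccessMask": "0x100"},
    {"EventID": 4663, "ObjectName": r"C:\mingw64\bin\git.exe", "AccessMask": "0x1"},
    {"EventID": 4663, "ObjectName": r"C:\mingw64\binaries\x.exe", "AccessMask": "0x2"},
    {"EventID": 4663, "ObjectName": r"C:\mingw64\bin\..\..\Temp\a.txt", "AccessMask": "0x2"},
    {"EventID": 4656, "ObjectName": r"C:\mingw64\bin\git.exe", "AccessMask": "0x2"},
]

if __name__ == "__main__":
    for hit in suspicious_events(SAMPLE_EVENTS):
        print(hit["ObjectName"], hit["Rights"])
```

Event 4663 is only logged for objects that have an auditing SACL, so C:\mingw64 (or C:\ for folder creation) needs one before this filter has anything to match.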
