January 29, 2025
Severity
High
Analysis Summary
Multiple security vulnerabilities have been disclosed in GitHub Desktop and other Git-related projects, collectively dubbed Clone2Leak, that could enable attackers to gain unauthorized access to a user’s Git credentials. These vulnerabilities stem from improper handling of messages in the Git Credential Protocol, which retrieves credentials from the credential helper. Exploiting these flaws allows attackers to exfiltrate credentials by leveraging maliciously crafted URLs, highlighting a significant risk for users handling sensitive repositories or tokens.
According to the researcher, the identified vulnerabilities include four CVEs: CVE-2025-23040 (CVSS 6.6), which allows credential leaks via malicious URLs in GitHub Desktop; CVE-2024-50338 (CVSS 7.4), enabling carriage-return character injection in Git Credential Manager; CVE-2024-53263 (CVSS 8.5), where Git LFS is susceptible to credential leaks through crafted HTTP URLs; and CVE-2024-53858 (CVSS 6.5), which involves recursive repository cloning in GitHub CLI leaking tokens to non-GitHub submodule hosts. These vulnerabilities exploit gaps such as carriage return smuggling, CRLF injection, and inadequate host verification, potentially exposing sensitive credentials to attacker-controlled hosts.
The vulnerabilities are exacerbated by specific scenarios like GitHub Codespaces, where the CODESPACES environment variable is always set to "true." This allows malicious repositories to leak access tokens configured for enterprise or GitHub hosts. Additionally, the Git project has categorized carriage return smuggling as a standalone vulnerability (CVE-2024-52006, CVSS 2.1) and patched it in version v2.48.1. Another related flaw, CVE-2024-50349 (CVSS 2.1), could trick users into providing credentials to arbitrary sites via escape sequences in crafted URLs.
To mitigate these risks, users are strongly advised to update Git, GitHub Desktop, and related tools to their latest versions. If immediate patching is not possible, precautions include avoiding git clone with --recurse-submodules on untrusted repositories and restricting the use of credential helpers to only publicly accessible repositories. These steps, alongside careful URL verification and environment variable handling, can significantly reduce exposure to these vulnerabilities and safeguard sensitive resources.
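The checks below are an added illustration, not code from Git or any of the affected projects: a pre-clone gate that rejects remote and submodule URLs containing control characters (the carriage-return and escape-sequence cases above) and only lets a credential lookup proceed for hosts on an allow-list (the recursive-clone case). The trusted host set and sample URLs are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# C0 control characters and DEL. CR (\r) and LF (\n) are what a credential
# helper may treat as line breaks in its key=value protocol; ESC (\x1b) starts
# the terminal escape sequences that can disguise a host in a password prompt.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def check_remote_url(url: str, trusted_hosts: set[str]) -> tuple[bool, str]:
    """Vet a URL before git (and its credential helper) ever sees it.

    Returns (ok, reason). urlsplit() silently strips CR, LF and tab, so the
    raw string must be checked for control characters *before* parsing."""
    if _CONTROL.search(url):
        return False, "control character in URL (CR/LF smuggling or escape sequence)"
    parts = urlsplit(url)
    if parts.scheme != "https":  # credential helpers serve HTTP(S) remotes
        return False, f"unexpected scheme {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = (parts.hostname or "").lower()
    if host not in trusted_hosts:
        return False, f"host {host!r} is not in the trusted set"
    return True, "ok"


def vet_clone(parent_url: str, submodule_urls: list[str], trusted_hosts: set[str]) -> list[str]:
    """Return the problems found for a recursive clone; an empty list means proceed.

    Every submodule URL is vetted, because each one triggers its own credential lookup."""
    problems = []
    for url in [parent_url, *submodule_urls]:
        ok, reason = check_remote_url(url, trusted_hosts)
        if not ok:
            problems.append(f"{url!r}: {reason}")
    return problems


if __name__ == "__main__":
    TRUSTED = {"github.com", "github.example.internal"}  # constructed allow-list
    parent = "https://github.com/example-org/app.git"    # constructed URLs
    submodules = [
        "https://github.com/example-org/lib.git",
        "https://github.com/example-org/lib\r.git",     # carriage return in URL
        "https://mirror.example/lib.git",               # host not on the allow-list
    ]
    for problem in vet_clone(parent, submodules, TRUSTED):
        print("REJECT", problem)
```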
Impact
- Unauthorized Access
- Sensitive Credential Theft
Affected Vendors
- GitHub
Remediation
- Ensure that Git, GitHub Desktop, Git Credential Manager, Git LFS, and GitHub CLI are updated to their latest patched versions. Specifically, update Git to version v2.48.1 or later to address CVE-2024-52006 and CVE-2024-50349.
- Refrain from using the git clone command with the --recurse-submodules flag on untrusted repositories to mitigate the risk of token leaks.
- If possible, avoid using Git credential helpers. Limit cloning activities to publicly available repositories to reduce credential exposure.
- Do not interact with repositories or URLs that appear suspicious or contain unusual characters such as carriage returns (\r) or escape sequences.
- Pay attention to sensitive environment variables like CODESPACES, GITHUB_TOKEN, GITHUB_ENTERPRISE_TOKEN, and GH_ENTERPRISE_TOKEN. Avoid exposing them in untrusted environments.
- Only clone or work with repositories from trusted sources. Verify repository authenticity before pulling or cloning.
- Ensure that tokens are configured with minimal privileges and are scoped only to necessary resources.
- Raise awareness among team members about these vulnerabilities and the importance of handling credentials securely.
- Use network policies or firewalls to prevent unintended data exfiltration to untrusted hosts.