https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us
Multiple vulnerabilities, reported together under the name Clone2Leak, have been found in popular Git clients and credential helpers, including GitHub Desktop, that could let an attacker steal a user's Git credentials.
They stem from improper handling of the Git Credential Protocol, the line-based key=value exchange Git uses to ask a credential helper for a username and password: a crafted URL, such as one committed to an untrusted repository in its submodule or LFS configuration, can smuggle an extra line into that exchange so that the helper hands over credentials for a trusted host while the request itself goes to a server the attacker controls.
One of them, CVE-2025-23040 in GitHub Desktop, is exactly such a smuggling bug: Desktop's credential helper treats a carriage return as a line terminator even though Git does not, so a URL carrying an encoded carriage return followed by a forged host= line makes Desktop return the user's GitHub credentials for a request that Git then sends to the wrong server.
Git Credential Manager is affected by the same carriage-return handling problem, and Git LFS does not reject line-break characters in URLs it takes from a repository's LFS configuration before building its own credential request, so a repository can inject lines into that request and leak credentials the same way.
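The smuggling described above, reduced to its essentials. This is an added example written for this summary, not code from the Clone2Leak post, Git, GitHub Desktop or Git Credential Manager: it models a producer (git) that turns a URL into protocol= and host= lines, a consumer (credential helper) whose line reader ends a line at "\r" as well as "\n", and the hardened producer and consumer. The host names, the attacker URL, the credential store and the exact shape of the request are constructed or simplified for the demonstration; `credential.protectProtocol` is the name of the Git setting that refuses control characters in credential URLs.

```python
"""Line-terminator smuggling in the git credential protocol (added example)."""
from typing import Optional
from urllib.parse import unquote

# Constructed credential store: the only secret the helper knows.
STORE = {("https", "github.com"): ("octocat", "ghp_EXAMPLE_TOKEN")}

# Every ASCII control character; none of them belongs in a protocol line.
CONTROL = {chr(i) for i in range(0x20)} | {"\x7f"}


def git_credential_request(url: str, protect_protocol: bool = False) -> str:
    """Simplified model (not git's code) of how a URL becomes a request.

    The host runs up to the first '/' after the scheme and is percent-decoded,
    so "%0d" in the authority becomes a raw CR inside the host= value.
    Historically only "\n" was refused; protect_protocol=True models the fix,
    which refuses any control character (the credential.protectProtocol knob).
    """
    scheme, rest = url.split("://", 1)
    host, _, _path = rest.partition("/")
    host = unquote(host)
    forbidden = CONTROL if protect_protocol else {"\n"}
    if any(ch in forbidden for ch in host):
        raise ValueError("credential URL contains a forbidden control character")
    return f"protocol={scheme}\nhost={host}\n\n"


def lenient_parse(request: str) -> dict:
    """Vulnerable consumer. str.splitlines() ends a line at \\r, \\n, \\r\\n and
    several other separators, so "\\rhost=github.com" smuggled inside one
    value shows up as a second host= line, and the last one wins."""
    fields = {}
    for line in request.splitlines():
        if not line:  # a blank line terminates the request
            break
        key, _, value = line.partition("=")
        fields[key] = value
    return fields


def strict_parse(request: str) -> dict:
    """Hardened consumer: "\\n" is the only line terminator, and a line that
    carries any other control character (or no key) is refused outright
    instead of being reinterpreted."""
    fields = {}
    for line in request.split("\n"):
        if not line:
            break
        key, _, value = line.partition("=")
        if not key or any(ch in CONTROL for ch in line):
            raise ValueError(f"malformed credential line: {line!r}")
        fields[key] = value
    return fields


def helper_fill(request: str, parse) -> Optional[tuple]:
    """The helper's answer to `git credential fill`: the stored credential
    for the (protocol, host) it parsed, or None when it has none or refuses."""
    try:
        fields = parse(request)
    except ValueError:
        return None
    return STORE.get((fields.get("protocol"), fields.get("host")))


# Constructed attacker URL. Its authority is "attacker.example?%0dhost=github.com":
# the old producer reports host=attacker.example?<CR>host=github.com as ONE value,
# but the lenient consumer reads it as two lines and answers for github.com.
ATTACK_URL = "https://attacker.example?%0dhost=github.com/repo.git"


if __name__ == "__main__":
    req = git_credential_request(ATTACK_URL)
    print("git sends:", repr(req))
    print("lenient helper returns:", helper_fill(req, lenient_parse))
    print("strict helper returns: ", helper_fill(req, strict_parse))
    try:
        git_credential_request(ATTACK_URL, protect_protocol=True)
    except ValueError as exc:
        print("hardened producer refuses:", exc)
```

Two things the example makes visible. First, the consumer-side fix alone is not enough: `strict_parse` cannot distinguish an injected "\nhost=github.com" from a genuine line, so a tool that assembles its own credential request from repository-controlled configuration (the Git LFS case described above) has to refuse line breaks before it ever writes the request. Second, rejecting only "\n" on the producer side is the incomplete protection; the hardened producer refuses every control character, which closes the "\r" variant and anything else a line reader might treat as a separator.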
GitHub CLI is also vulnerable, in its case through a logic flaw rather than message parsing: when run inside a GitHub Codespace, gh could hand the Codespace's GitHub access token to a host other than GitHub.
Together these issues show why Git clients and credential helpers need to be kept current, and why cloning untrusted repositories deserves caution: the trigger is a crafted URL inside the repository, not an obviously suspicious action by the user.
Users should update Git, GitHub Desktop, Git Credential Manager, Git LFS and GitHub CLI to patched versions, avoid cloning repositories from untrusted sources (particularly with submodules or LFS enabled), and keep credential helpers to the minimum they actually need; `git config --show-origin --get-all credential.helper` lists every configured helper and the file each setting comes from.