CVE-2023-29011
vulnerability analysis and mitigation

Overview

Git for Windows, prior to version 2.40.1, contained a security vulnerability (CVE-2023-29011) in its connect.exe component, which implements a SOCKS5 proxy for SSH server connections. The vulnerability stems from the hard-coded configuration file path '/etc/connectrc' (interpreted as 'C:\etc\connectrc'). On multi-user machines this is exploitable because any authenticated user can create that directory and place malicious files in it (GitHub Advisory).

Technical details

The vulnerability exists in the connect.exe component's configuration file handling mechanism. The SOCKS5 proxy implementation uses a hard-coded path for its configuration file at '/etc/connectrc', which Windows interprets as 'C:\etc\connectrc'. Since Windows allows any authenticated user to create directories in the root of drive C:, malicious users could create the 'etc' directory and place unauthorized configuration files. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating local access requirements but high potential impact (GitHub Advisory).

Impact

If exploited, this vulnerability could allow malicious users on multi-user systems to manipulate the SOCKS5 proxy configuration, potentially leading to unauthorized access and compromised network connections. The CVSS impact metrics for Confidentiality, Integrity, and Availability are all rated High, indicating significant potential impact across all three (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Git for Windows v2.40.1. For users unable to update immediately, two workarounds are available: 1) Create the 'etc' folder on all drives where Git commands are run and remove read/write access using the commands 'mkdir \etc' followed by 'icacls \etc /inheritance:r', or 2) Monitor for malicious ':\etc\connectrc' files on multi-user machines (GitHub Advisory, Git Release).
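Both workarounds can be checked per drive with a short audit. The PowerShell below is an added example, not code from the advisory or from the Git for Windows project. The trusted SID list (SYSTEM, Administrators, TrustedInstaller) and the status names are assumptions of this example.

```powershell
# Added example: audit every drive letter for the \etc\connectrc exposure.
# Assumption: only these SIDs (SYSTEM, Administrators, TrustedInstaller) may write.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# Rights that allow creating or changing files inside a directory.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    # Emit each principal outside $trusted that holds an Allow ACE with write rights.
    foreach ($ace in (Get-Acl -LiteralPath $Path -ErrorAction Stop).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            # Compare by SID so the check also works on localized Windows installs.
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { $sid = $ace.IdentityReference.Value }
        if ($trusted -notcontains $sid) { $ace.IdentityReference.Value }
    }
}

Get-PSDrive -PSProvider FileSystem | Where-Object Name -Match '^[A-Za-z]$' | ForEach-Object {
    $etc = Join-Path $_.Root 'etc'
    $rc  = Join-Path $etc 'connectrc'
    $row = [ordered]@{ Drive = $_.Name; Status = ''; Owner = $null; Writers = $null }
    try {
        if (-not (Test-Path -LiteralPath $etc -PathType Container)) {
            $row.Status = 'EtcMissing'   # \etc not pre-created: workaround 1 not applied
        } else {
            $row.Owner   = (Get-Acl -LiteralPath $etc -ErrorAction Stop).Owner
            $row.Writers = @(Get-UntrustedWriter -Path $etc) -join '; '
            if (Test-Path -LiteralPath $rc -PathType Leaf) {
                $row.Status = 'ConnectrcPresent'   # review the file's contents and owner
                $row.Owner  = (Get-Acl -LiteralPath $rc -ErrorAction Stop).Owner
            } elseif ($row.Writers) { $row.Status = 'EtcWritable' } else { $row.Status = 'LockedDown' }
        }
    } catch { $row.Status = "Unreadable: $($_.Exception.Message)" }
    [pscustomobject]$row
}
```

A 'ConnectrcPresent' or 'EtcWritable' row on a machine still running a version before 2.40.1 is the condition the advisory warns about; 'Unreadable' usually means the ACL was locked down and the script needs an elevated session.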

This report was generated using AI.
