Medium severity6.9NVD Advisory· Published Apr 19, 2024· Updated Apr 15, 2026

CVE-2024-32478

Description

Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.

Patches

d9ac33c5b147

https://github.com/git-ecosystem/git-credential-managervia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/git-ecosystem/git-credential-manager/commit/d9ac33c5b1478383672b4425f5ecf875a62efba9nvd
github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-3c3g-h9rx-f7vqnvd

News mentions

No linked articles in our index yet.

cvss	0.449
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000