What is the severity of CVE-2023-29012?

The severity of CVE-2023-29012 is high.

Which software is affected by CVE-2023-29012?

Visual Studio 2022 versions 17.2, 17.4, and 17.0, as well as Visual Studio 2019 version 16.11 are affected by CVE-2023-29012.

How can I fix CVE-2023-29012 for Visual Studio 2022 version 17.2?

You can download the patch for Visual Studio 2022 version 17.2 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2

How can I fix CVE-2023-29012 for Visual Studio 2022 version 17.4?

You can download the patch for Visual Studio 2022 version 17.4 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4

How can I fix CVE-2023-29012 for Visual Studio 2019 version 16.11?

You can download the patch for Visual Studio 2019 version 16.11 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11

Vulnerability/
CVE-2023-29012

high

7.8

CWE

427

25/4/2023

13/6/2023

CVE-2023-29012

First published: Tue Apr 25 2023(Updated: )

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Microsoft Visual Studio 2017 (includes 15.0 - 15.8)	=15.9	fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft Visual Studio 2022	=17.6	fix available externally
Microsoft Visual Studio 2022	=17.0	fix available externally
Microsoft Visual Studio 2022	=17.2	fix available externally
Git For Windows Project Git For Windows	<2.40.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-29012?
The severity of CVE-2023-29012 is high.
Which software is affected by CVE-2023-29012?
Visual Studio 2022 versions 17.2, 17.4, and 17.0, as well as Visual Studio 2019 version 16.11 are affected by CVE-2023-29012.
How can I fix CVE-2023-29012 for Visual Studio 2022 version 17.2?
You can download the patch for Visual Studio 2022 version 17.2 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2
How can I fix CVE-2023-29012 for Visual Studio 2022 version 17.4?
You can download the patch for Visual Studio 2022 version 17.4 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4
How can I fix CVE-2023-29012 for Visual Studio 2019 version 16.11?
You can download the patch for Visual Studio 2019 version 16.11 from the following URL: https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11

collector/msrc
collector/msrc-cve
agent/event
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/software-canonical-lookup-request
agent/references
agent/severity
agent/weakness
agent/author
agent/tags
agent/description
collector/nvd-index
vendor/microsoft
canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.6
version/microsoft visual studio 2022/17.0
version/microsoft visual studio 2022/17.4
version/microsoft visual studio 2022/17.2
vendor/git for windows project
canonical/git for windows project git for windows