A cybersecurity researcher recently discovered multiple vulnerabilities in Git’s credential helper that allow threat actors to steal login credentials from various projects. The researcher named these attacks “Clone2Leak”; they center on the mishandling of authentication messages by Git. Vulnerabilities were identified in GitHub Desktop, Git LFS, GitHub CLI/Codespaces, and Git Credential Manager, and patches are now available to address the issues.

Users are advised to update to the latest secure versions, including GitHub Desktop 3.4.12, Git Credential Manager 2.6.1, Git LFS 3.6.1, and gh cli 2.63.0, and to enable Git’s ‘credential.protectProtocol’ setting to enhance security. Users should also audit their credential configurations and exercise caution when cloning repositories to prevent credential leakage. The vulnerabilities have been eliminated, but keeping tools updated and maintaining heightened security measures remain essential.
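One way to run the audit recommended above, as an added example that is not part of the original article or of any of the named projects: the script lists the configured credential helpers, checks `credential.protectProtocol`, and compares the installed Git LFS, Git Credential Manager and gh versions with the fixed versions named in the text. The function names are this example's own, it assumes an unset `credential.protectProtocol` means the protection is active, and GitHub Desktop is not covered because it is checked in the application itself.

```shell
#!/bin/sh
# Added example: compare installed Git tooling with the fixed versions named in the text.

# Pull the first x.y.z number out of a version banner.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeeds when version $1 is greater than or equal to version $2 (both x.y.z).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # unquoted on purpose: split both versions on dots
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        [ "${pair%%:*}" -gt "${pair##*:}" ] && return 0
        [ "${pair%%:*}" -lt "${pair##*:}" ] && return 1
    done
    return 0
}

# check_tool NAME BANNER MINIMUM -> 0 patched, 1 needs update, 2 version not recognised
check_tool() {
    found=$(extract_version "$2")
    [ -n "$found" ] || { echo "UNKNOWN $1: cannot parse '$2'"; return 2; }
    if version_ge "$found" "$3"; then echo "OK      $1 $found (>= $3)"; return 0; fi
    echo "UPDATE  $1 $found (< $3)"; return 1
}

# Assumption of this example: only an explicit "false" counts as a finding.
protect_protocol_ok() { [ "$1" != "false" ]; }

audit() {
    command -v git >/dev/null 2>&1 || { echo "git not installed"; return 0; }
    echo "Configured credential helpers:"
    git config --show-origin --get-all credential.helper || echo "  (none)"
    setting=$(git config --type=bool --get credential.protectProtocol 2>/dev/null || true)
    protect_protocol_ok "$setting" || echo "FINDING credential.protectProtocol is false"
    if banner=$(git lfs version 2>/dev/null); then check_tool "Git LFS" "$banner" 3.6.1; fi
    if banner=$(git credential-manager --version 2>/dev/null); then
        check_tool "Git Credential Manager" "$banner" 2.6.1
    fi
    if banner=$(gh --version 2>/dev/null); then check_tool "gh" "$banner" 2.63.0; fi
    return 0
}

audit
```

Tools that are not installed are skipped silently, so an empty result for a tool means it was not found on the PATH rather than that it is patched.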