Command Injection Vulnerability Patched in GitHub Enterprise Server – Protect Your Code Repository

CVE: CVE-2024-1372
CVSS (v3.1): 9.1
Source: CVE-2024-1372

GitHub Enterprise Server is a popular tool used by many companies to host private code repositories. Unfortunately, a serious command injection vulnerability was discovered that could give attackers access to those code repositories if left unpatched.

The vulnerability was located in the GitHub Enterprise Server Management Console and affected versions prior to 3.12. It allowed an attacker with editor access in the console to execute arbitrary commands on the server with admin privileges. This means they could access and download code, install malware, delete repositories, and more.

To exploit it, the attacker would need access to the Management Console interface with at least editor permissions. From there, they could craft malicious input containing shell commands when configuring SAML settings that would be executed on the server with full admin rights.
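The defect class described above is a configuration value reaching a shell. The following is an added illustration of that pattern and its defensive shape; it is not GitHub's Management Console code and makes no claim about how the console was implemented. The `reload-saml` command name, the IdP URL allow-list pattern and the sample input are all hypothetical, and a Python one-liner stands in for the real reload command so the block runs anywhere.

```python
"""Handling an operator-supplied SAML setting without letting it reach a shell.

Illustrative example added to this advisory; not GitHub's code.
"""
import re
import shlex
import subprocess
import sys

# Constructed value an editor might type into an IdP URL field. It carries a
# shell command separator and is used only to show how each path treats it.
CONSTRUCTED_INPUT = "https://idp.example.com/metadata; id"

# Hypothetical allow-list: an https URL built from URL-safe characters only.
IDP_URL_RE = re.compile(r"^https://[A-Za-z0-9.\-]+(?::\d+)?(?:/[A-Za-z0-9._~\-/%?=&]*)?$")


def validate_idp_url(value: str) -> str:
    """First line of defence: reject anything outside the expected shape."""
    if not IDP_URL_RE.fullmatch(value):
        raise ValueError("IdP URL contains characters outside the allowed set")
    return value


def words_when_shell_parses(value: str, quoted: bool) -> int:
    """How many words a POSIX shell would see in the anti-pattern string.

    Splicing the raw value into a command string lets the shell split it;
    shlex.quote keeps it as one word. (Counting words only; nothing is run.)
    """
    arg = shlex.quote(value) if quoted else value
    return len(shlex.split(f"reload-saml --idp-url {arg}"))


def argv_for_reload(idp_url: str) -> list[str]:
    """Second line of defence: build an argv list, so no shell is involved and
    the value is always exactly one argument, whatever it contains."""
    return ["reload-saml", "--idp-url", idp_url]


def run_reload_stub(idp_url: str) -> str:
    """Execute the argv form against a stand-in for reload-saml and return the
    argument as the child process received it."""
    stub = [sys.executable, "-c", "import sys; print(sys.argv[1])", idp_url]
    result = subprocess.run(stub, capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    print("unquoted shell words:", words_when_shell_parses(CONSTRUCTED_INPUT, quoted=False))
    print("quoted shell words:  ", words_when_shell_parses(CONSTRUCTED_INPUT, quoted=True))
    print("argv form received:  ", run_reload_stub(CONSTRUCTED_INPUT))
    try:
        validate_idp_url(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("validator:", exc)
```

Validation and the argv form are complementary: the allow-list stops unexpected input at the edge, and passing an argument vector instead of a shell string means that even a value that slips past validation is inert data rather than shell syntax.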

GitHub was notified of the issue through their bug bounty program and quickly released patches to fix it in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. It is important that all GitHub Enterprise Server instances are updated to the latest version to close this security hole.
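A quick way to triage an inventory of appliances against the fix levels listed above, as an added example rather than any GitHub tooling. The fix levels are the ones this advisory states (3.11.5, 3.10.7, 3.9.10, 3.8.15, with 3.12 and later unaffected); branches older than 3.8, for which no fix is listed here, are treated as affected with no same-branch fix, which is an assumption of this script. The `installed_version` field name is the one the GitHub Enterprise Server meta API uses for the appliance version; the sample response below is constructed.

```python
"""Triage GitHub Enterprise Server versions against the CVE-2024-1372 fix levels.

Added illustrative example; not GitHub's tooling.
"""
import re
from typing import NamedTuple, Optional

# Patch level on each affected branch that carries the fix, per the advisory.
FIXED_IN = {
    (3, 8): 15,
    (3, 9): 10,
    (3, 10): 7,
    (3, 11): 5,
}
# The advisory says versions prior to 3.12 are affected.
FIRST_UNAFFECTED_BRANCH = (3, 12)


class Verdict(NamedTuple):
    affected: bool
    fixed_in: Optional[str]  # version to move to, or None when nothing is needed / no fix listed
    reason: str


def parse_version(text: str) -> tuple[int, int, int]:
    """Accept 'x.y.z' or 'vx.y.z'; anything else is an error rather than a guess."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a GHES x.y.z version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return major, minor, patch


def check_version(text: str) -> Verdict:
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return Verdict(False, None, "3.12 and later are not affected")
    if branch in FIXED_IN:
        target = f"{major}.{minor}.{FIXED_IN[branch]}"
        if patch >= FIXED_IN[branch]:
            return Verdict(False, None, f"patched (fix shipped in {target})")
        return Verdict(True, target, f"{text.strip()} predates the fix in {target}")
    # Assumption: a branch with no fix listed in the advisory is treated as
    # affected, and the remedy is moving to a branch that has one.
    return Verdict(True, None, "affected branch with no fix listed; upgrade to a fixed branch")


def version_from_meta(meta: dict) -> str:
    """Pull the appliance version out of a GHES /api/v3/meta response."""
    return meta["installed_version"]


# Constructed sample of the meta response, not output from a real appliance.
SAMPLE_META = {"installed_version": "3.11.4", "verifiable_password_authentication": False}

if __name__ == "__main__":
    for candidate in (version_from_meta(SAMPLE_META), "3.11.5", "3.8.14", "3.7.20", "3.12.0"):
        verdict = check_version(candidate)
        status = "AFFECTED" if verdict.affected else "ok"
        print(f"{candidate:>8}  {status:8}  {verdict.reason}")
```

Feeding it the versions of every appliance in the estate gives a list of hosts still needing the update, and the `fixed_in` field names the smallest upgrade on the same branch that closes the issue.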

If you use GitHub Enterprise Server to host private code, be sure to check that you have the latest updates installed. Also review Management Console access permissions and login activity for any suspicious actions. Taking prompt action can help prevent attackers from accessing or compromising your valuable code repositories.
