GitHub Enterprise Server Command Injection Vulnerability Allowed Attackers to Gain Admin Access

CVE: CVE-2024-1354
CVSS v3.1: 8
Source: CVE-2024-1354

A command injection vulnerability was found in GitHub Enterprise Server that could allow attackers to gain admin access to the server. GitHub Enterprise Server is a private version of GitHub used by companies for code hosting and collaboration.

The vulnerability affected versions prior to 3.12 and resided in the syslog-ng configuration file. Syslog-ng is a tool used for logging system messages. An attacker with editor access to the management console could craft a malicious command and have it executed with root privileges via this configuration file.
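The root cause described above is a value that reaches a root-owned syslog-ng configuration file without being constrained. The following is an added example, not GitHub's code, showing the defensive pattern: strictly allowlist any console-supplied value before it is rendered into a syslog-ng destination, and audit a generated config for drivers that execute external programs. It assumes a hypothetical log-forwarding host/port setting as the interpolated value.

```python
import re

# Constructed scenario (assumption, not the real GHES implementation): a
# management-console field (forwarding host) is interpolated into syslog-ng
# config that syslog-ng later reads as root. Allowlisting the value keeps
# quotes, parentheses, semicolons and newlines out of the file entirely.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# syslog-ng destination drivers that hand data to an external command;
# a legitimately generated forwarding config should never contain them.
EXEC_DRIVERS = re.compile(r"\b(program|pipe)\s*\(")


class UnsafeValue(ValueError):
    """Raised when a console-supplied value fails the allowlist."""


def validate_host(host: str) -> str:
    if not isinstance(host, str) or not HOSTNAME_RE.match(host):
        raise UnsafeValue(f"rejected forwarding host: {host!r}")
    return host


def validate_port(port) -> int:
    p = int(port)  # raises ValueError on non-numeric input
    if not 1 <= p <= 65535:
        raise UnsafeValue(f"rejected port: {port!r}")
    return p


def render_destination(host, port) -> str:
    """Render a syslog-ng network() destination from validated inputs only."""
    h, p = validate_host(host), validate_port(port)
    return f'destination d_forward {{ network("{h}" port({p}) transport("tcp")); }};\n'


def safe_to_render(host, port) -> bool:
    """True if both values pass the allowlist, False otherwise."""
    try:
        render_destination(host, port)
        return True
    except ValueError:  # UnsafeValue is a ValueError
        return False


def audit_config(text: str) -> list:
    """Return (line_no, line) for every program()/pipe() driver in a config."""
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if EXEC_DRIVERS.search(line)]
```

The audit function is a cheap post-generation check: if the rendered configuration ever contains a program() or pipe() driver, the generator has been bypassed and the file should not be installed.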

This meant that anyone with editor access, such as a collaborator, could potentially exploit the vulnerability to escalate their permissions to full administrator. As an admin, they would then have complete control over the server and access to all code repositories and user accounts.

Organizations using affected versions of GitHub Enterprise Server are recommended to immediately update to the latest version to patch this vulnerability. Administrators should also carefully manage access control settings and ensure only trusted users hold editor roles in the management console. Applying security updates regularly remains important so that patches for newly found issues are not missed.

Proper access management and keeping software updated are important steps to help prevent attackers from exploiting vulnerabilities and gaining unauthorized elevated access.
