// For flags

CVE-2024-2469

Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

Severity Score

8.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Un atacante con función de administrador en GitHub Enterprise Server podría obtener acceso raíz SSH mediante la ejecución remota de código. Esta vulnerabilidad afectó a GitHub Enterprise Server versión 3.8.0 y superiores y se solucionó en las versiones 3.8.17, 3.9.12, 3.10.9, 3.11.7 y 3.12.1. Esta vulnerabilidad se informó a través del programa GitHub Bug Bounty.

*Credits: inspector-ambitious
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-03-14 CVE Reserved
  • 2024-03-20 CVE Published
  • 2024-03-21 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-242: Code Injection
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
GitHub
Search vendor "GitHub"
Enterprise Server
Search vendor "GitHub" for product "Enterprise Server"
>= 3.8.0 <= 3.8.16
Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.8.0 <= 3.8.16"
en
Affected
GitHub
Search vendor "GitHub"
Enterprise Server
Search vendor "GitHub" for product "Enterprise Server"
>= 3.9.0 <= 3.9.11
Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.9.0 <= 3.9.11"
en
Affected
GitHub
Search vendor "GitHub"
Enterprise Server
Search vendor "GitHub" for product "Enterprise Server"
>= 3.10.0 <= 3.10.8
Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.10.0 <= 3.10.8"
en
Affected
GitHub
Search vendor "GitHub"
Enterprise Server
Search vendor "GitHub" for product "Enterprise Server"
>= 3.11.0 <= 3.11.6
Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.11.0 <= 3.11.6"
en
Affected
GitHub
Search vendor "GitHub"
Enterprise Server
Search vendor "GitHub" for product "Enterprise Server"
3.12.0
Search vendor "GitHub" for product "Enterprise Server" and version "3.12.0"
en
Affected