CVE-2024-2469
Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance
Severity Score
8.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
Un atacante con función de administrador en GitHub Enterprise Server podría obtener acceso raíz SSH mediante la ejecución remota de código. Esta vulnerabilidad afectó a GitHub Enterprise Server versión 3.8.0 y superiores y se solucionó en las versiones 3.8.17, 3.9.12, 3.10.9, 3.11.7 y 3.12.1. Esta vulnerabilidad se informó a través del programa GitHub Bug Bounty.
*Credits:
inspector-ambitious
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-14 CVE Reserved
- 2024-03-20 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-242: Code Injection
References (5)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| GitHub Search vendor "GitHub" | Enterprise Server Search vendor "GitHub" for product "Enterprise Server" | >= 3.8.0 <= 3.8.16 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.8.0 <= 3.8.16" | en |
Affected
| ||||||
| GitHub Search vendor "GitHub" | Enterprise Server Search vendor "GitHub" for product "Enterprise Server" | >= 3.9.0 <= 3.9.11 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.9.0 <= 3.9.11" | en |
Affected
| ||||||
| GitHub Search vendor "GitHub" | Enterprise Server Search vendor "GitHub" for product "Enterprise Server" | >= 3.10.0 <= 3.10.8 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.10.0 <= 3.10.8" | en |
Affected
| ||||||
| GitHub Search vendor "GitHub" | Enterprise Server Search vendor "GitHub" for product "Enterprise Server" | >= 3.11.0 <= 3.11.6 Search vendor "GitHub" for product "Enterprise Server" and version " >= 3.11.0 <= 3.11.6" | en |
Affected
| ||||||
| GitHub Search vendor "GitHub" | Enterprise Server Search vendor "GitHub" for product "Enterprise Server" | 3.12.0 Search vendor "GitHub" for product "Enterprise Server" and version "3.12.0" | en |
Affected
| ||||||