CVE-2024-1355 in GitHubinfo

Summary

by MITRE • 02/13/2024

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 03/24/2025

This command injection vulnerability in GitHub Enterprise Server represents a critical privilege escalation flaw that demonstrates the dangerous potential of insufficient input validation in administrative interfaces. The vulnerability specifically resides within the actions-console docker container where the service URL configuration setting process fails to properly sanitize user input, allowing malicious commands to be executed with elevated privileges. The attack vector requires an attacker to possess an editor role within the Management Console, which represents a significant operational risk since this role typically should not grant administrative access to core system components. The flaw enables an attacker with relatively limited access to escalate their privileges and gain full administrative SSH access to the appliance, effectively bypassing normal security boundaries that should protect the system's core infrastructure. This vulnerability directly maps to CWE-77 and CWE-94, which classify it as a command injection vulnerability and a code injection flaw respectively, both of which are categorized under the broader category of injection vulnerabilities that remain among the most prevalent and dangerous security flaws in software systems.

The operational impact of this vulnerability extends beyond simple privilege escalation to encompass complete system compromise and potential data exfiltration. Once an attacker gains administrative SSH access through this vector, they can manipulate the entire GitHub Enterprise Server infrastructure including user accounts, repository permissions, system configurations, and potentially access sensitive data stored within the appliance. The vulnerability affects all versions prior to 3.12, indicating a prolonged window of exposure where organizations using older versions remained at risk, particularly those with delayed patch management processes. The fix implemented across multiple version branches including 3.11.5, 3.10.7, 3.9.10, and 3.8.15 demonstrates the severity of the issue and the need for comprehensive remediation across different release channels. From an attack perspective, this vulnerability aligns with ATT&CK technique T1059.001 which covers command and scripting interpreter execution, and T1078.004 which addresses valid accounts with elevated privileges, since the attack requires legitimate access to the system but exploits the privilege escalation to gain administrative control.

Organizations should prioritize immediate patching of affected systems to prevent exploitation, particularly in environments where the Management Console is accessible to multiple users or where the editor role is granted to users who may not require such elevated permissions. The vulnerability highlights the importance of principle of least privilege enforcement and proper input sanitization in administrative interfaces. Additional mitigations should include monitoring for unusual configuration changes in the Management Console, implementing network segmentation to limit access to the Management Console, and conducting regular security assessments of administrative interfaces. The fact that this vulnerability was discovered through the GitHub Bug Bounty program demonstrates the effectiveness of coordinated disclosure processes in identifying and addressing critical security flaws before they can be exploited in the wild. Security teams should also review their access control policies to ensure that users with editor roles cannot perform actions that would lead to privilege escalation, and implement proper logging and alerting mechanisms to detect potential exploitation attempts. This vulnerability serves as a reminder that administrative interfaces, even when restricted to specific roles, must maintain strict input validation and privilege boundaries to prevent unauthorized access to core system functionality.

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!