fkie_cve-2024-10001
Vulnerability from fkie_nvd
Published
2025-01-29 19:15
Modified
2025-01-29 19:15
Severity ?
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N
Summary
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program.
References
product-cna@github.comhttps://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17
product-cna@github.comhttps://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11
product-cna@github.comhttps://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6
product-cna@github.comhttps://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3
product-cna@github.comhttps://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.0
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This\u00a0enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens.\u00a0To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe.\u00a0This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled\u00a0identity property.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program."
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en GitHub Enterprise Server que permit\u00eda a los atacantes inyectar c\u00f3digo malicioso en el selector de consultas a trav\u00e9s de la propiedad de identidad en la funci\u00f3n de gesti\u00f3n de mensajes. Esto permiti\u00f3 la exfiltraci\u00f3n de datos confidenciales mediante la manipulaci\u00f3n de los tokens de autenticaci\u00f3n DOM, incluida. Para ejecutar el ataque, la v\u00edctima debe iniciar sesi\u00f3n en GitHub e interactuar con la p\u00e1gina web maliciosa controlada por el atacante que contiene el iframe oculto. Esta vulnerabilidad se produce debido a una secuencia incorrecta de validaci\u00f3n, donde la verificaci\u00f3n de origen se produce despu\u00e9s de aceptar la propiedad de identidad controlada por el usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a 3.11.16, 3.12.10, 3.13.5, 3.14.2 y 3.15.0. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
    }
  ],
  "id": "CVE-2024-10001",
  "lastModified": "2025-01-29T19:15:18.360",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "product-cna@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-29T19:15:18.360",
  "references": [
    {
      "source": "product-cna@github.com",
      "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17"
    },
    {
      "source": "product-cna@github.com",
      "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11"
    },
    {
      "source": "product-cna@github.com",
      "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6"
    },
    {
      "source": "product-cna@github.com",
      "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3"
    },
    {
      "source": "product-cna@github.com",
      "url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.0"
    }
  ],
  "sourceIdentifier": "product-cna@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "product-cna@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.