CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5	Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3	Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13	Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

History

No history.

Information

Published : 2024-01-16 19:15

Updated : 2024-01-23 19:52

NVD link : CVE-2024-0200

Mitre link : CVE-2024-0200

CVE.ORG link : CVE-2024-0200

JSON object : View

Products Affected

github

enterprise_server

CWE

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

{"id": "CVE-2024-0200", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "product-cna@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 1.3}]}, "published": "2024-01-16T19:15:08.667", "references": [{"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8", "tags": ["Release Notes"], "source": "product-cna@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-470"}]}, {"type": "Secondary", "source": "product-cna@github.com", "description": [{"lang": "en", "value": "CWE-470"}]}], "descriptions": [{"lang": "en", "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de reflexi\u00f3n insegura en GitHub Enterprise Server que podr\u00eda provocar una inyecci\u00f3n de reflexi\u00f3n. Esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de m\u00e9todos controlados por el usuario y a la ejecuci\u00f3n remota de c\u00f3digo. Para aprovechar este error, un actor deber\u00eda iniciar sesi\u00f3n en una cuenta en la instancia de GHES con el rol de propietario de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.13, 3.9.8, 3.10.5 y 3.11.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."}], "lastModified": "2024-01-23T19:52:46.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253739D1-3AED-408C-97C9-279159F8AE96", "versionEndExcluding": "3.8.13", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F", "versionEndExcluding": "3.9.8", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E", "versionEndExcluding": "3.10.5", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915", "versionEndExcluding": "3.11.3", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-cna@github.com"}