CVE-2024-10007

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Nov 7, 2024 / Updated: 12d ago

CVSS 8.7 (High) / EPSS 0.05%

Summary

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape and privilege escalation to root via the ghe-firejail path. Per the vendor description, exploitation requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program.

Impact

This vulnerability could allow an attacker who already holds Enterprise Administrator access to escape from a container and escalate privileges to root on the host system. The potential impacts include:

1. Unauthorized access to the host system with root privileges
2. Ability to execute arbitrary code on the host system
3. Potential compromise of other containers or services running on the same host
4. Access to sensitive data or systems that are normally isolated from containers
5. Potential for lateral movement within the network if the compromised host has access to other systems

Exploitation

No public proof-of-concept is known, and there is no evidence of exploitation in the wild at this time.

Patch

A patch is available. The vulnerability has been fixed in the following versions of GitHub Enterprise Server:

- 3.14.3
- 3.13.6
- 3.12.11
- 3.11.17

All versions prior to 3.15 are affected and should be updated to one of these patched versions or a later version.
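The fixed versions above sit on four separate release lines, so a naive "is my version greater than 3.14.3" comparison gives wrong answers for 3.11, 3.12 and 3.13 installs. The following is an added example (not GitHub's tooling) that encodes the advisory's fix matrix and reports whether a given GHES version string is still affected; `FIXED`, `parse_version` and `assess` are names chosen here, and the handling of release lines older than 3.11 (reported as affected, since the advisory lists no fix for them) is an assumption drawn from "all versions prior to 3.15 are affected".

```python
"""Assess a GitHub Enterprise Server version string against CVE-2024-10007.

Fix matrix from the advisory: 3.14.3, 3.13.6, 3.12.11, 3.11.17; 3.15 and later
are unaffected. Release lines older than 3.11 get no fix in this advisory and
are therefore reported as affected (assumption: they fall under "prior to 3.15").
"""
import re
import sys

# First fixed release on each release line named in the advisory.
FIXED = {
    (3, 11): (3, 11, 17),
    (3, 12): (3, 12, 11),
    (3, 13): (3, 13, 6),
    (3, 14): (3, 14, 3),
}
FIRST_UNAFFECTED_LINE = (3, 15)


def parse_version(text):
    """Extract the first X.Y.Z triple from a version string as a tuple of ints.

    Accepts decorated strings such as 'GitHub Enterprise Server 3.13.6'.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a GHES version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version_text):
    """Return (affected: bool, advice: str) for a GHES version string."""
    v = parse_version(version_text)
    line = v[:2]
    if line >= FIRST_UNAFFECTED_LINE:
        return False, "not affected (3.15 or later)"
    fixed = FIXED.get(line)
    if fixed is None:
        return True, "release line has no fix for CVE-2024-10007; move to a supported line"
    fixed_str = ".".join(map(str, fixed))
    if v >= fixed:
        return False, f"fixed in {fixed_str} or later on this release line"
    return True, f"upgrade to {fixed_str} or later"


if __name__ == "__main__":
    # Usage: python ghes_cve_2024_10007.py 3.14.2 "GitHub Enterprise Server 3.11.17"
    for arg in sys.argv[1:] or ["3.14.2", "3.11.17", "3.10.9", "3.15.0"]:
        affected, advice = assess(arg)
        print(f"{arg}: {'AFFECTED' if affected else 'ok'} - {advice}")
```

Feed it the version reported by the appliance (for example from the admin console or the administrative shell) rather than guessing from the release notes; the per-line lookup is the whole point of the script.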

Mitigation

1. Update GitHub Enterprise Server to one of the patched versions (3.14.3, 3.13.6, 3.12.11, 3.11.17) or a later version as soon as possible.
2. If immediate patching is not possible, reduce the number of accounts holding Enterprise Administrator access, since the vendor description states that role is required to exploit the issue, and monitor administrative activity that touches the ghe-firejail path.
3. Monitor for suspicious activity or unauthorized access attempts related to the instance's container environment.
4. Apply the principle of least privilege to container access and management.
5. Regularly audit and update security configurations for container environments.
6. Consider additional container isolation techniques or security tooling to reduce the impact of container escape vulnerabilities.
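The weakness class here is link following (CWE-59, CAPEC-132): a privileged component resolves a path that someone else can redirect through a symlink. The page gives no detail of where the ghe-firejail path lives or how the collision is triggered, so what follows is an added, generic check rather than GitHub's code or an exploit for this CVE. It walks a path component by component with `lstat()` so that a symlink anywhere in the chain is reported instead of silently followed, flags directories that other users could write to (where such a link could be planted), and shows `O_NOFOLLOW` refusing a symlink in the final component. `audit_path`, `open_nofollow` and `demo` are names chosen here, and the directory tree in `demo` is constructed for the demonstration.

```python
"""Generic link-following (CWE-59) hazard check for a filesystem path."""
import os
import stat
import tempfile


def audit_path(path):
    """Return a list of findings for `path`; an empty list means no hazard found.

    Each component is inspected with os.lstat so a symlink is seen as a symlink
    rather than resolved. Group/world-writable directories without the sticky
    bit are flagged because an unprivileged user could plant a link there.
    """
    findings = []
    current = os.sep
    for part in os.path.abspath(path).split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            findings.append(f"{current}: does not exist")
            break
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{current}: is a symlink -> {os.readlink(current)}")
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if writable and not (st.st_mode & stat.S_ISVTX):
            findings.append(f"{current}: group/world-writable without sticky bit")
    return findings


def open_nofollow(path):
    """Open `path` read-only, refusing to follow a symlink in the final component.

    Raises OSError (ELOOP on Linux) if the final component is a symlink.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    return os.fdopen(fd, "rb")


def demo():
    """Constructed tree: a real wrapper file, a symlinked directory to it, and a
    world-writable directory. Returns (clean, via_link, via_writable, nofollow_blocked)."""
    with tempfile.TemporaryDirectory() as root:
        real_dir = os.path.join(root, "real")
        os.mkdir(real_dir)
        wrapper = os.path.join(real_dir, "wrapper")
        with open(wrapper, "w") as f:
            f.write("#!/bin/sh\necho hello\n")

        link_dir = os.path.join(root, "link")          # symlink -> real_dir
        os.symlink(real_dir, link_dir)

        ww_dir = os.path.join(root, "shared")          # world-writable, no sticky bit
        os.mkdir(ww_dir)
        os.chmod(ww_dir, 0o777)
        ww_file = os.path.join(ww_dir, "wrapper")
        with open(ww_file, "w") as f:
            f.write("#!/bin/sh\n")

        clean = audit_path(wrapper)
        via_link = audit_path(os.path.join(link_dir, "wrapper"))
        via_writable = audit_path(ww_file)

        try:
            open_nofollow(link_dir)                    # final component is a symlink
            nofollow_blocked = False
        except OSError:
            nofollow_blocked = True
        return clean, via_link, via_writable, nofollow_blocked


if __name__ == "__main__":
    for label, result in zip(("clean", "via symlink", "via writable dir", "O_NOFOLLOW blocked"), demo()):
        print(f"{label}: {result}")
```

Running `audit_path` on a privileged wrapper's location before it is executed, and opening files with `O_NOFOLLOW` (or a directory file descriptor plus `openat`) is the pattern that removes this bug class; the check is only a detection aid and does not replace the patch.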

CVSS 4.0 base vector (8.7, High):

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-10007

Nov 7, 2024 at 9:15 PM
CVSS

A CVSS base score of 8.7 has been assigned.

Nov 7, 2024 at 9:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-10007.

Nov 7, 2024 at 9:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 7, 2024 at 9:51 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.7%)

Nov 8, 2024 at 10:18 AM

Affected Systems

Github/enterprise_server

Links to Mitre Att&cks

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

News

CVE-2024-10007
High Severity Description A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program. Read more at https://www.tenable.com/cve/CVE-2024-10007
NA - CVE-2024-10007 - A path collision and arbitrary code execution...
A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this...
CVE-2024-10007 | GitHub Enterprise Server up to 3.11.16/3.12.10/3.13.5/3.14.2 link following
A vulnerability was found in GitHub Enterprise Server up to 3.11.16/3.12.10/3.13.5/3.14.2 . It has been rated as problematic . Affected by this issue is some unknown functionality. The manipulation leads to link following. This vulnerability is handled as CVE-2024-10007 . Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Unknown
