CVE-2024-0200 - OpenCVE

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Github	Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5	Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3	Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13	Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-01-16T18:50:48.931Z

Updated: 2024-06-04T17:58:31.817Z

Reserved: 2024-01-02T19:47:57.924Z

Link: CVE-2024-0200

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-16T19:15:08.667

Modified: 2024-01-23T19:52:46.093

Link: CVE-2024-0200

JSON object: View

Redhat Information

No data.

CWE

CWE-470

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0200", "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "state": "PUBLISHED", "assignerShortName": "GitHub_P", "dateReserved": "2024-01-02T19:47:57.924Z", "datePublished": "2024-01-16T18:50:48.931Z", "dateUpdated": "2024-06-04T17:58:31.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Enterprise Server", "vendor": "GitHub", "versions": [{"lessThan": "3.8.13", "status": "affected", "version": "3.8.0", "versionType": "semver"}, {"lessThan": "3.9.8", "status": "affected", "version": "3.9.0", "versionType": "semver"}, {"lessThan": "3.10.5", "status": "affected", "version": "3.10.0", "versionType": "semver"}, {"lessThan": "3.11.3", "status": "affected", "version": "3.11.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ngo Wei Lin of STAR Labs"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. <span style=\"background-color: rgb(255, 255, 255);\">This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.</span><br><br>"}], "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"}], "impacts": [{"capecId": "CAPEC-138", "descriptions": [{"lang": "en", "value": "CAPEC-138 Reflection Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P", "dateUpdated": "2024-01-16T18:50:48.931Z"}, "references": [{"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"}, {"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"}, {"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"}, {"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"}], "source": {"discovery": "EXTERNAL"}, "title": "Unsafe Reflection in Github Enterprise Server leading to Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0200", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-22T16:25:02.384808Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"], "vendor": "github", "product": "enterprise_server", "versions": [{"status": "affected", "version": "3.8.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:31.817Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "253739D1-3AED-408C-97C9-279159F8AE96", "versionEndExcluding": "3.8.13", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F", "versionEndExcluding": "3.9.8", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E", "versionEndExcluding": "3.10.5", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915", "versionEndExcluding": "3.11.3", "versionStartIncluding": "3.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de reflexi\u00f3n insegura en GitHub Enterprise Server que podr\u00eda provocar una inyecci\u00f3n de reflexi\u00f3n. Esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de m\u00e9todos controlados por el usuario y a la ejecuci\u00f3n remota de c\u00f3digo. Para aprovechar este error, un actor deber\u00eda iniciar sesi\u00f3n en una cuenta en la instancia de GHES con el rol de propietario de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.13, 3.9.8, 3.10.5 y 3.11.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."}], "id": "CVE-2024-0200", "lastModified": "2024-01-23T19:52:46.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.3, "source": "product-cna@github.com", "type": "Secondary"}]}, "published": "2024-01-16T19:15:08.667", "references": [{"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"}], "sourceIdentifier": "product-cna@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-470"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-470"}], "source": "product-cna@github.com", "type": "Secondary"}]}