CVE-2024-52308

Published: 14 Nov 2024
Source: ubuntu
Priority: high
CVSS3: 8

Description

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is u...

| Release | Status | Note |
| --- | --- | --- |
| devel | not-affected | 2.46.0-4 |
| esm-apps/jammy | not-affected | code-not-present |
| esm-apps/noble | released | 2.45.0-1ubuntu0.2+esm1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | not-affected | code-not-present |
| noble | needed | |
| oracular | released | 2.46.0-1ubuntu0.2 |
| plucky | ignored | end of life, was needed |
| questing | not-affected | 2.46.0-3 |

8 High

CVSS3

Related vulnerabilities

CVSS3: 8
nvd
about 1 year ago

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is use

CVSS3: 9.6
msrc
about 1 year ago

No description available

CVSS3: 8
debian
about 1 year ago

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code ...

suse-cvrf
about 1 year ago

Security update for gh

CVSS3: 8
github
about 1 year ago

Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer