CVE-2024-10001

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.17	Release Notes
https://docs.github.com/en/[email protected]/admin/release-notes#3.12.11	Release Notes
https://docs.github.com/en/[email protected]/admin/release-notes#3.13.6	Release Notes
https://docs.github.com/en/[email protected]/admin/release-notes#3.14.3	Release Notes
https://docs.github.com/en/[email protected]/admin/release-notes#3.15.0	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

History

No history.

Information

Published : 2025-01-29 19:15

Updated : 2025-09-05 15:00

NVD link : CVE-2024-10001

Mitre link : CVE-2024-10001

CVE.ORG link : CVE-2024-10001

JSON object : View

Products Affected

github

enterprise_server

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-10001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-29T19:15:18.360", "references": [{"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.11.17", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.12.11", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.13.6", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.14.3", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.15.0", "tags": ["Release Notes"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This\u00a0enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens.\u00a0To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe.\u00a0This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled\u00a0identity property.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en GitHub Enterprise Server que permit\u00eda a los atacantes inyectar c\u00f3digo malicioso en el selector de consultas a trav\u00e9s de la propiedad de identidad en la funci\u00f3n de gesti\u00f3n de mensajes. Esto permiti\u00f3 la exfiltraci\u00f3n de datos confidenciales mediante la manipulaci\u00f3n de los tokens de autenticaci\u00f3n DOM, incluida. Para ejecutar el ataque, la v\u00edctima debe iniciar sesi\u00f3n en GitHub e interactuar con la p\u00e1gina web maliciosa controlada por el atacante que contiene el iframe oculto. Esta vulnerabilidad se produce debido a una secuencia incorrecta de validaci\u00f3n, donde la verificaci\u00f3n de origen se produce despu\u00e9s de aceptar la propiedad de identidad controlada por el usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a 3.11.16, 3.12.10, 3.13.5, 3.14.2 y 3.15.0. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."}], "lastModified": "2025-09-05T15:00:06.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB550802-6704-4D1B-9E98-75DFE784BF7A", "versionEndExcluding": "3.11.6"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70645DE-4DC2-40CB-B425-4E002B302FDB", "versionEndExcluding": "3.12.10", "versionStartIncluding": "3.12.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B08CBD2C-6DA7-4C0F-9812-42933F51C003", "versionEndExcluding": "3.13.5", "versionStartIncluding": "3.13.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E74193-93FE-45FE-8C74-34EC30EEB03C", "versionEndExcluding": "3.14.2", "versionStartIncluding": "3.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}