Vulnerability Description
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Github | >= 2.8.0, < 2.8.7 |
Related Weaknesses (CWE)
References
- https://enterprise.github.com/releases/2.8.7/notesVendor Advisory
- https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.hExploitThird Party Advisory
- https://enterprise.github.com/releases/2.8.7/notesVendor Advisory
- https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.hExploitThird Party Advisory
FAQ
What is CVE-2017-18365?
CVE-2017-18365 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise se...
How severe is CVE-2017-18365?
CVE-2017-18365 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-18365?
Check the references section above for vendor advisories and patch information. Affected products include: Github Github.