CVE-2024-10001
GitHub Enterprise Server vulnerability analysis and mitigation

Overview

A Code Injection vulnerability (CVE-2024-10001) was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. The vulnerability was discovered and reported through the GitHub Bug Bounty program and affects all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0 (GitHub Release Notes).

Technical details

The vulnerability enables attackers to inject malicious code through the identity parameter used in querySelector handling. This allows sensitive data, including authentication tokens, to be exfiltrated by manipulating the DOM. The attack requires the victim to be logged into GitHub and to interact with an attacker-controlled malicious webpage containing a hidden iframe. The root cause is an improper sequence of validation: the user-controlled identity property is accepted before the message's origin is checked. The severity is rated as HIGH according to GitHub's assessment (GitHub Release Notes).
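The validation-order problem described above can be illustrated with a hardened message handler. This is an added example, not GitHub's code: the trusted origin, the `identity` field name and the `data-identity` attribute are assumptions. It checks the sender's origin before reading anything from the message payload, and then only accepts an identity that matches a strict allowlist pattern before it is embedded in a selector.

```javascript
// Hardened postMessage handler (added example, not GitHub's implementation).
// Assumed trusted origin of the application frame.
const TRUSTED_ORIGINS = new Set(["https://ghes.example.internal"]);

// Identity values are restricted to a conservative identifier shape so they
// can never carry selector metacharacters such as quotes, '[' or ']'.
const IDENTITY_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Returns a safe selector string, or null if the message must be ignored.
// `event` is shaped like a browser MessageEvent: { origin, data }.
function selectorForMessage(event, trustedOrigins = TRUSTED_ORIGINS) {
  // 1. Origin check first: event.data is not touched until this passes.
  if (typeof event.origin !== "string" || !trustedOrigins.has(event.origin)) {
    return null;
  }
  // 2. Only now inspect the payload, and only accept a plain object.
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  const identity = data.identity;
  // 3. Allowlist the identity rather than trying to escape it.
  if (typeof identity !== "string" || !IDENTITY_PATTERN.test(identity)) {
    return null;
  }
  // The identity is now safe to embed in an attribute selector
  // (assumed attribute name).
  return `[data-identity="${identity}"]`;
}

// Looks up the element for a message, or returns null when the message was
// dropped. `doc` is anything exposing querySelector (the real document in a
// browser, a stub in tests).
function handleMessage(event, doc, trustedOrigins = TRUSTED_ORIGINS) {
  const selector = selectorForMessage(event, trustedOrigins);
  if (selector === null) return null;
  return doc.querySelector(selector);
}
```

Reversing steps 1 and 2, which is the ordering the advisory describes, lets an untrusted page's identity value reach the selector logic before the origin is ever consulted.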

Impact

The vulnerability allows attackers to exfiltrate sensitive data from the DOM, including authentication tokens, by manipulating the DOM through malicious code injection. This could potentially lead to unauthorized access to user data and authentication credentials (GitHub Release Notes).

Mitigation and workarounds

The vulnerability has been patched in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. Organizations should upgrade their GitHub Enterprise Server installations to these versions or later to mitigate the vulnerability (GitHub Release Notes).
