CVE-2024-1378: 
GitHub Enterprise Server vulnerability analysis and mitigation

A command injection vulnerability (CVE-2024-1378) was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The vulnerability was reported through the GitHub Bug Bounty program (GitHub Release Notes).

The vulnerability is classified as HIGH severity with a CVSS v3.1 base score of 9.1 (CRITICAL). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and affecting scope changed (S:C). The impact includes high confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability is categorized under CWE-77 (Command Injection) and CWE-20 (Improper Input Validation) (NVD).

If exploited, this vulnerability would allow an attacker with editor role access to the Management Console to gain administrative SSH access to the GitHub Enterprise Server appliance. This could potentially lead to complete system compromise, as the attacker would obtain elevated privileges on the system (GitHub Release Notes).

The vulnerability has been patched in multiple GitHub Enterprise Server versions: 3.11.5, 3.10.7, 3.9.10, and 3.8.15. Organizations should upgrade their GitHub Enterprise Server installations to one of these patched versions or later to mitigate this vulnerability (GitHub Release Notes).