Vulnerability Details: CVE-2017-18365
Potential exploit
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
Vulnerability category: Execute code
Products affected by CVE-2017-18365
- cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:github:github:2.8.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18365
- 11.71%: Probability of exploitation activity in the next 30 days
- ~ 93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18365
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-18365
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18365
- https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
  GitHub Enterprise Remote Code Execution | exablue GmbH (Exploit; Third Party Advisory)
- https://enterprise.github.com/releases/2.8.7/notes
  GitHub Enterprise - The best way to build and ship software (Vendor Advisory)