Vulnerabilities > CVE-2017-18365 - Deserialization of Untrusted Data vulnerability in Github

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

github

CWE-502

critical

NVD

Published: 2019-03-28

Updated: 2019-03-29

Summary

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.

Vulnerable Configurations

Part	Description	Count
Application	Github Github Github 2.8.0 Github Github 2.8.1 Github Github 2.8.2 Github Github 2.8.3 Github Github 2.8.4 Github Github 2.8.5 Github Github 2.8.6 Github Github 2.8.7	8

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References