CVE-2024-10001
published 2025-01-29
CVE-2024-10001: A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the…
Priority P338 · high · 7.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
EPSS: 0.37% (29.0th percentile)
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program.
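The validation-order flaw described above, sketched as an added JavaScript example (constructed for illustration, not GitHub Enterprise Server code). The origin names, the identity format and the `data-identity` selector are assumptions; the recording root stands in for the DOM so the block runs under Node.

```javascript
// Constructed illustration; not GitHub Enterprise Server code.
const TRUSTED_ORIGINS = new Set(["https://ghes.example.test"]); // assumed origin
const IDENTITY_RE = /^[A-Za-z0-9_-]{1,64}$/; // assumed identity format

// Flawed order: the identity reaches the selector before the origin check.
function handleMessageFlawed(event, root) {
  const data = event.data || {};
  const target = root.querySelector(`[data-identity="${data.identity}"]`);
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;
  return target;
}

// Corrected order: origin first, then strict validation, then the lookup.
function handleMessageHardened(event, root) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;
  const data = event.data;
  if (!data || typeof data.identity !== "string") return null;
  if (!IDENTITY_RE.test(data.identity)) return null;
  return root.querySelector(`[data-identity="${data.identity}"]`);
}

// Stand-in for a DOM root that records every selector it is asked to evaluate,
// so the example runs under Node without a browser.
function makeRecordingRoot() {
  const seen = [];
  return {
    seen,
    querySelector(selector) {
      seen.push(selector);
      return { selector };
    },
  };
}

// Constructed sample messages: one from an untrusted origin carrying selector
// metacharacters, one well-formed message from the trusted origin.
function demo() {
  const untrusted = {
    origin: "https://other.example.test",
    data: { identity: 'x"],[data-other="y' },
  };
  const trusted = { origin: "https://ghes.example.test", data: { identity: "panel-1" } };
  const flawedRoot = makeRecordingRoot();
  const hardenedRoot = makeRecordingRoot();
  handleMessageFlawed(untrusted, flawedRoot);
  handleMessageHardened(untrusted, hardenedRoot);
  handleMessageHardened(trusted, hardenedRoot);
  return { flawed: flawedRoot.seen, hardened: hardenedRoot.seen };
}
```

In the flawed handler the untrusted sender's string has already altered the selector by the time the origin is rejected; the hardened handler never evaluates it.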
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | enterprise_server | < 3.11.6 | 3.11.6 |
| github | enterprise_server | 3.11.0 – 3.11.16 | — |
| github | enterprise_server | >= 3.12.0 < 3.12.10 | 3.12.10 |
| github | enterprise_server | 3.12.0 – 3.12.10 | — |
| github | enterprise_server | >= 3.13.0 < 3.13.5 | 3.13.5 |
| github | enterprise_server | 3.13.0 – 3.13.5 | — |
| github | enterprise_server | >= 3.14.0 < 3.14.2 | 3.14.2 |
| github | enterprise_server | 3.14.0 – 3.14.2 | — |
| github | enterprise_server | 3.15.0 – 3.15.1 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | | 5.5 | MEDIUM | |
GHSA
GHSA-998c-6m77-6859: A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via
ghsa_unreviewed·2025-01-29
CVE-2024-10001 [HIGH] CWE-94 GHSA-998c-6m77-6859: A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via
Red Hat
kernel: sched/core: Disable page allocation in task_tick_mm_cid()
vendor_redhat·2024-11-07·CVSS 5.5
CVE-2024-50140 [MEDIUM] CWE-413 kernel: sched/core: Disable page allocation in task_tick_mm_cid()
In the Linux kernel, the following vulnerability has been resolved:
sched/core: Disable page allocation in task_tick_mm_cid()
With KASAN and PREEMPT_RT enabled, calling task_work_add() in
task_tick_mm_cid() may cause the following splat.
```
[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe
[ 63.696416] preempt_count: 10001, expected: 0
[ 63.696416] RCU nest depth: 1, expected: 1
```
This problem is caused by the following call trace.
```
sched_tick() [ acquire rq->__lock ]
   -> task_tick_mm_cid()
      -> task_work_add()
         -> __kasan_record_aux_stack()
            -> kasan_save_stack()
               -> stack_depot_save_flags()
                  -> alloc
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6
https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3
https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.0
2025-01-29
Published