CVE-2017-18365
high-risk
Published 2019-03-28
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
Do I need to act?
!
40.7% chance of exploitation in next 30 days
EPSS score — higher than 59% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
Github
Github
Affected Vendors
References (4)
Vendor Advisory
https://enterprise.github.com/releases/2.8.7/notes
Vendor Advisory
https://enterprise.github.com/releases/2.8.7/notes
56
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
17/34 · Moderate
Exposure
7/34 · Low