CVE-2024-1359 is a critical command injection vulnerability affecting GitHub Enterprise Server versions prior to 3.12, specifically versions 3.8.0, 3.9.0, 3.10.0, and 3.11.0. The vulnerability arises from improper input validation (CWE-20) during the configuration of an HTTP proxy within the Management Console. An attacker with an editor role in the Management Console can exploit this flaw to execute arbitrary commands, ultimately gaining administrative SSH access to the GitHub Enterprise Server appliance. This level of access allows the attacker to fully control the server, potentially leading to unauthorized code execution, data exfiltration, manipulation of repositories, and disruption of services. Exploitation requires prior access to the GitHub Enterprise Server instance and Management Console with at least editor privileges, meaning the attacker must already have some level of internal access or compromised credentials. The vulnerability was responsibly disclosed through the GitHub Bug Bounty program and fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The CVSS v3.1 score is 9.1 (critical), reflecting the high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required. No known exploits are currently reported in the wild, but the severity and ease of exploitation make timely patching essential.

For European organizations using GitHub Enterprise Server, this vulnerability poses a significant risk. GitHub Enterprise Server is widely used by enterprises for source code management, CI/CD pipelines, and collaboration. An attacker exploiting this vulnerability could gain full administrative control over the server, leading to theft or tampering of sensitive intellectual property, insertion of malicious code into software supply chains, disruption of development workflows, and potential lateral movement within corporate networks. Given the critical nature of software supply chain security, exploitation could have cascading effects on software integrity and trust. Organizations in sectors such as finance, healthcare, telecommunications, and government are particularly at risk due to the sensitive nature of their codebases and regulatory requirements. The requirement for editor-level access limits the attack surface but does not eliminate risk, especially in environments with many users or insufficient access controls. The vulnerability’s impact on availability could also disrupt development operations, causing financial and reputational damage.

European organizations should immediately verify their GitHub Enterprise Server versions and upgrade to the patched releases (3.11.5, 3.10.7, 3.9.10, or 3.8.15) as applicable. Beyond patching, organizations should audit and restrict Management Console access, ensuring that only trusted personnel have editor or higher roles. Implement strict role-based access controls (RBAC) and regularly review user privileges to minimize the number of users with elevated rights. Enable and monitor detailed logging and alerting on Management Console activities to detect suspicious proxy configuration attempts. Network segmentation should be employed to isolate GitHub Enterprise Servers from broader internal networks, limiting potential lateral movement. Additionally, organizations should conduct internal penetration testing and vulnerability assessments focusing on administrative interfaces. Employ multi-factor authentication (MFA) for all console access to reduce the risk of credential compromise. Finally, integrate GitHub Enterprise Server monitoring with Security Information and Event Management (SIEM) systems to enhance detection capabilities.