Friday , March 7 2025
Github

GitHub CLI Vulnerability Could Allow RCE

infosecbulletin Tuesday , November 19 2024 Uncategorized

A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users’ devices. With a CVSS score of 8.1, this highlights the need for developers to stay vigilant with software updates and security measures.

The vulnerability arises from how the gh CLI handles SSH connection details with GitHub Codespaces, which uses SSH for secure communication between the local machine and the remote environment.

Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially

By infosecbulletin / Friday , March 7 2025
SEC Consult researchers found a major vulnerability in CrowdStrike's Falcon Sensor, enabling attackers to evade detection and run malicious applications....
Read More
Sleeping Beauty Researchers Bypassed CrowdStrike Falcon Sensor partially

CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks

By infosecbulletin / Thursday , March 6 2025
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...
Read More
CVE-2025-22224 41,500+ VMware ESXi Instances Vulnerable to Attacks

Register Now
AI Engineering Hackathon: Registration Open

By infosecbulletin / Wednesday , March 5 2025
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...
Read More
Register Now AI Engineering Hackathon: Registration Open

Cisco alerts about a Webex flaw that exposes credentials

By infosecbulletin / Wednesday , March 5 2025
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....
Read More
Cisco alerts about a Webex flaw that exposes credentials

NVIDIA Issues Warning of Multiple Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw...
Read More
NVIDIA Issues Warning of Multiple Vulnerabilities

Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among...
Read More
Update Now Chrome 134 Released, Fixes 14 Vulnerabilities

Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

By infosecbulletin / Tuesday , March 4 2025
Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226...
Read More
Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

Singapore issues new guidelines for data center and cloud services

By infosecbulletin / Tuesday , March 4 2025
The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of disruptions to cloud services and...
Read More
Singapore issues new guidelines for data center and cloud services

Update Alert!
Google Warns of Critical Android Vulns Under Attack

By infosecbulletin / Tuesday , March 4 2025
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect...
Read More
Update Alert! Google Warns of Critical Android Vulns Under Attack

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...
Read More
CISA adds Cisco and Windows vulns as actively exploited

According to GitHub’s security advisory, “This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects ssh arguments within the SSH connection details. gh codespace ssh and gh codespace logs commands could execute arbitrary code on the user’s workstation if the remote username contains something like -oProxyCommand=”echo hacked” #.“

If a user connects to a compromised Codespace, the malicious SSH server has the capability to manipulate connection details and inject arbitrary commands. This could result in those commands being executed on the user’s machine, which may lead to severe consequences such as data breaches, system compromises, or even escalated malicious activities.

A successful exploit allows remote code execution (RCE) on a victim’s workstation, which can compromise the system, expose sensitive data, and lead to further attacks.According to GitHub, “Successful exploitation could lead to arbitrary code execution on the user’s workstation, potentially compromising the user’s data and system.”

GitHub has quickly fixed this vulnerability by releasing gh CLI version 2.62.0. Please upgrade to this version immediately.

Furthermore, GitHub advises developers to exercise caution when utilizing custom devcontainer images. “Prefer default or pre-built devcontainers from trusted sources,” the advisory recommends, emphasizing the importance of secure development practices.

Hacker offers “Popular Life Insurance” 36 GB of stolen data for sale

Check Also

Cellebrite

Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit

Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin