A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users’ devices. With a CVSS score of 8.1, this highlights the need for developers to stay vigilant with software updates and security measures.
The vulnerability arises from how the gh CLI handles SSH connection details with GitHub Codespaces, which uses SSH for secure communication between the local machine and the remote environment.
By infosecbulletin
/ Tuesday , March 11 2025
CISA included three vulnerabilities in Ivanti Endpoint Manager—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—in its Known Exploited Vulnerabilities catalog. Federal agencies must address...
Read More
By infosecbulletin
/ Sunday , March 9 2025
Ransomware attacks reached a record high in February, surpassing previous months, according to a Cyble report. The Cyble report tracked...
Read More
By infosecbulletin
/ Saturday , March 8 2025
NTT Communications Corporation discovered illegal access to its facilities on February 5 and confirmed on February 6 that some information...
Read More
By infosecbulletin
/ Friday , March 7 2025
India's Maharashtra Deputy Chief Minister Devendra Fadnavis disclosed alarming cyber fraud figures for Pune in 2024 during the Assembly session....
Read More
By infosecbulletin
/ Friday , March 7 2025
Cybersecurity researcher Jeremiah Fowler found that over a dozen unprotected databases from the German firm Lost and Found Software exposed...
Read More
By infosecbulletin
/ Friday , March 7 2025
Cisco Talos found that an unknown attacker has been targeting organizations in Japan since January 2025. The attacker exploited the...
Read More
By infosecbulletin
/ Friday , March 7 2025
SEC Consult researchers found a vulnerability in CrowdStrike's Falcon Sensor, enabling attackers to evade detection and run malicious applications. The...
Read More
By infosecbulletin
/ Thursday , March 6 2025
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...
Read More
By infosecbulletin
/ Wednesday , March 5 2025
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...
Read More
By infosecbulletin
/ Wednesday , March 5 2025
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....
Read More
According to GitHub’s security advisory, “This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects ssh arguments within the SSH connection details. gh codespace ssh and gh codespace logs commands could execute arbitrary code on the user’s workstation if the remote username contains something like -oProxyCommand=”echo hacked” #.“
If a user connects to a compromised Codespace, the malicious SSH server has the capability to manipulate connection details and inject arbitrary commands. This could result in those commands being executed on the user’s machine, which may lead to severe consequences such as data breaches, system compromises, or even escalated malicious activities.
A successful exploit allows remote code execution (RCE) on a victim’s workstation, which can compromise the system, expose sensitive data, and lead to further attacks.According to GitHub, “Successful exploitation could lead to arbitrary code execution on the user’s workstation, potentially compromising the user’s data and system.”
GitHub has quickly fixed this vulnerability by releasing gh CLI version 2.62.0. Please upgrade to this version immediately.
Furthermore, GitHub advises developers to exercise caution when utilizing custom devcontainer images. “Prefer default or pre-built devcontainers from trusted sources,” the advisory recommends, emphasizing the importance of secure development practices.
Hacker offers “Popular Life Insurance” 36 GB of stolen data for sale