Severity
Medium
Analysis Summary
CVE-2024-53858 (CVSS 6.5)
The `gh` CLI is GitHub's official command line tool. A vulnerability in the GitHub CLI can leak authentication tokens when cloning repositories that contain `git` submodules hosted outside GitHub.com and ghe.com. The affected `gh` commands are those that clone a repository with submodules from a non-GitHub host, including `gh repo clone`, `gh repo fork`, and `gh pr checkout`.
CVE-2024-53859 (CVSS 6.5)
`go-gh` is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A vulnerability in `go-gh` can leak authentication tokens intended for GitHub hosts to non-GitHub hosts when running inside a codespace. `go-gh` sources authentication tokens from different environment variables depending on the host involved:
1. `GITHUB_TOKEN` and `GH_TOKEN` for GitHub.com and ghe.com
2. `GITHUB_ENTERPRISE_TOKEN` and `GH_ENTERPRISE_TOKEN`
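Both CVEs come down to the same defensive rule: a token must only ever be presented to the host class it was issued for, and a submodule URL pointing at some other host must receive nothing. The Go program below is an added illustration written for this advisory, not code from `gh` or `go-gh`. It parses a constructed `.gitmodules` file, lists the submodule hosts that fall outside GitHub.com/ghe.com (the hosts a GitHub token must never reach), and implements a hardened `TokenForHost` that returns `""` for every host it was not explicitly configured for. The `enterpriseHost` parameter, the `hostOf` helper, the exact-match treatment of `github.com`/`ghe.com`, and the `GH_*`-before-`GITHUB_*` precedence are assumptions of this example, not behaviour documented on this page.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"strings"
)

// Hosts the GitHub.com-scoped token (GITHUB_TOKEN / GH_TOKEN) is intended for.
// Assumption for this example: exact match on the two hosts the advisory names.
var githubHosts = map[string]bool{"github.com": true, "ghe.com": true}

// Constructed sample .gitmodules: one submodule on GitHub, one on a self-hosted
// non-GitHub server (placeholder hostname, not taken from the advisory).
const sampleGitmodules = `[submodule "vendor/lib"]
	path = vendor/lib
	url = https://github.com/example-org/lib.git
[submodule "vendor/internal"]
	path = vendor/internal
	url = git@git.example.com:internal/tools.git
`

// hostOf extracts the lowercase host from https://, ssh:// and scp-like
// git@host:path submodule URLs; relative URLs (same host as the superproject) yield "".
func hostOf(raw string) string {
	if u, err := url.Parse(raw); err == nil && u.Host != "" {
		return strings.ToLower(u.Hostname())
	}
	if at := strings.Index(raw, "@"); at >= 0 { // git@host:owner/repo.git
		if rest := raw[at+1:]; strings.Contains(rest, ":") {
			return strings.ToLower(rest[:strings.Index(rest, ":")])
		}
	}
	return ""
}

// SubmoduleHosts parses .gitmodules text and returns each distinct submodule host, in order.
func SubmoduleHosts(gitmodules string) []string {
	seen := map[string]bool{}
	var hosts []string
	sc := bufio.NewScanner(strings.NewReader(gitmodules))
	for sc.Scan() {
		k, v, ok := strings.Cut(sc.Text(), "=")
		if !ok || strings.TrimSpace(k) != "url" {
			continue
		}
		if h := hostOf(strings.TrimSpace(v)); h != "" && !seen[h] {
			seen[h] = true
			hosts = append(hosts, h)
		}
	}
	return hosts
}

// ForeignHosts returns the submodule hosts that are neither GitHub.com/ghe.com nor the
// single enterprise host the user configured: exactly the hosts a token must never reach.
func ForeignHosts(hosts []string, enterpriseHost string) []string {
	var out []string
	for _, h := range hosts {
		if !githubHosts[h] && h != strings.ToLower(enterpriseHost) {
			out = append(out, h)
		}
	}
	return out
}

// TokenForHost is the hardened selection rule: a token is returned only for the host
// class it was issued for, and "" for everything else. The leak the advisory describes
// is the opposite behaviour, a GitHub-scoped token reaching a host outside that class.
func TokenForHost(host, enterpriseHost string, env map[string]string) string {
	first := func(keys ...string) string { // first non-empty variable wins (assumed order)
		for _, k := range keys {
			if v := env[k]; v != "" {
				return v
			}
		}
		return ""
	}
	host = strings.ToLower(host)
	switch {
	case githubHosts[host]:
		return first("GH_TOKEN", "GITHUB_TOKEN")
	case enterpriseHost != "" && host == strings.ToLower(enterpriseHost):
		return first("GH_ENTERPRISE_TOKEN", "GITHUB_ENTERPRISE_TOKEN")
	}
	return "" // any other host, including a foreign submodule host, gets no credential
}

func main() {
	env := map[string]string{"GH_TOKEN": "ghp_constructed_example"} // constructed value
	hosts := SubmoduleHosts(sampleGitmodules)
	fmt.Println("submodule hosts:", hosts)
	fmt.Println("hosts that must not receive a GitHub token:", ForeignHosts(hosts, ""))
	for _, h := range hosts {
		fmt.Printf("%s -> token sent: %q\n", h, TokenForHost(h, "", env))
	}
}
```

Running `ForeignHosts` over a repository's `.gitmodules` before cloning is a cheap pre-check for the CVE-2024-53858 scenario on unpatched clients; `TokenForHost` shows the host-scoping rule that closes both issues.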
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-53858
- CVE-2024-53859
Affected Vendors
- GitHub
Affected Products
- GitHub CLI (`gh`) 2.62.0
- GitHub CLI `go-gh` 2.11.0
Remediation
Upgrade `gh` and `go-gh` to the latest version, available from their GitHub repositories.