CVE-2017-18365 : What You Need to Know

GitHub Enterprise versions 2.8.x before 2.8.7 have a vulnerability in the Management Console that allows unauthorized remote attackers to execute arbitrary code through deserialization.

Understanding CVE-2017-18365

This CVE involves a security issue in GitHub Enterprise versions 2.8.x before 2.8.7 that enables attackers to execute arbitrary code remotely.

What is CVE-2017-18365?

The vulnerability in GitHub Enterprise versions 2.8.x before 2.8.7 allows unauthorized remote attackers to execute arbitrary code through deserialization. This is due to the consistent use of the same enterprise session secret, which can be discovered in the product's source code.

The Impact of CVE-2017-18365

Unauthorized remote attackers can execute arbitrary code through deserialization in GitHub Enterprise versions 2.8.x before 2.8.7.
Attackers can exploit the vulnerability by sending a manipulated cookie signed with the secret, allowing the execution of arbitrary data using the Marshal.load function.
The vulnerability is significant as the Marshal data format permits the handling of Ruby objects.

Technical Details of CVE-2017-18365

GitHub Enterprise versions 2.8.x before 2.8.7 are affected by a critical vulnerability that allows remote code execution.

Vulnerability Description

The Management Console in GitHub Enterprise versions 2.8.x before 2.8.7 has a deserialization issue that enables unauthenticated remote attackers to execute arbitrary code. This arises from the consistent use of the same enterprise session secret found in the product's source code.

Affected Systems and Versions

GitHub Enterprise versions 2.8.x before 2.8.7

Exploitation Mechanism

Attackers can exploit the vulnerability by sending a crafted cookie signed with the secret, allowing the execution of arbitrary data using the Marshal.load function.
The vulnerability exists because the Marshal data format permits the handling of Ruby objects.

Mitigation and Prevention

GitHub Enterprise users should take immediate steps to secure their systems and prevent exploitation of CVE-2017-18365.

Immediate Steps to Take

Update GitHub Enterprise to version 2.8.7 or later to mitigate the vulnerability.
Monitor for any unauthorized access or suspicious activities on the Management Console.

Long-Term Security Practices

Regularly review and update security configurations and access controls.
Conduct security audits to identify and address any potential vulnerabilities.

Patching and Updates

Apply patches and updates provided by GitHub Enterprise to address security issues and prevent exploitation of vulnerabilities.