CVE-2024-0200 – An unsafe reflection vulnerability in GitHub En... (How to Fix)

Q: What is the severity of CVE-2024-0200?

CVE-2024-0200 has a CVSS score of 7.2 (HIGH). An unsafe reflection vulnerability in GitHub Enterprise Server allows authenticated organization owners to execute arbitrary methods, potentially leading to remote code execution. This affects all GitHub Enterprise Server instances running versions prior to 3.12. The vulnerability requires an attacker to have organization owner privileges on the target instance.

📋 TL;DR

An unsafe reflection vulnerability in GitHub Enterprise Server allows authenticated organization owners to execute arbitrary methods, potentially leading to remote code execution. This affects all GitHub Enterprise Server instances running versions prior to 3.12. The vulnerability requires an attacker to have organization owner privileges on the target instance.

💻 Affected Systems

Products:

GitHub Enterprise Server

Versions: All versions prior to 3.12

Operating Systems: Linux (GitHub Enterprise Server appliance)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects instances with organization owners present. Requires authenticated access with organization owner role.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full remote code execution on the GitHub Enterprise Server instance, allowing complete system compromise and data exfiltration.

🟠

Likely Case

Privilege escalation leading to unauthorized access to sensitive repositories, user data, and administrative functions.

🟢

If Mitigated

Limited impact due to strong access controls and monitoring, with only authorized organization owners potentially exploiting the vulnerability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires organization owner credentials and knowledge of reflection injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.13, 3.9.8, 3.10.5, 3.11.3, or 3.12+

Vendor Advisory: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5

Restart Required: Yes

Instructions:

1. Backup your GitHub Enterprise Server instance. 2. Download the appropriate patched version from GitHub Enterprise. 3. Follow the upgrade instructions for your version. 4. Restart the instance after upgrade completion.

🔧 Temporary Workarounds

Restrict Organization Owner Access

all

Reduce the number of users with organization owner privileges to minimize attack surface.

Enhanced Monitoring

all

Implement strict monitoring of organization owner account activities and API calls.

🧯 If You Can't Patch

Implement strict least-privilege access controls for organization owner roles
Deploy network segmentation to isolate GitHub Enterprise Server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check your GitHub Enterprise Server version via the Management Console or SSH into the appliance and run 'ghe-version'

Check Version:

ssh admin@your-ghes-instance 'ghe-version'

Verify Fix Applied:

Verify version is 3.8.13, 3.9.8, 3.10.5, 3.11.3, or 3.12+ using 'ghe-version' command

📡 Detection & Monitoring

Log Indicators:

Unusual reflection API calls from organization owner accounts
Suspicious method invocations in application logs
Unexpected process executions from GitHub services

Network Indicators:

Anomalous outbound connections from GitHub Enterprise Server
Unexpected data exfiltration patterns

SIEM Query:

source="github-enterprise" AND (event_type="reflection_call" OR user_role="organization_owner") AND status="success"

📊 Metadata

CVE ID: CVE-2024-0200

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

CWE: CWE-470

Published: January 16, 2024

Last Updated: November 21, 2024

🔗 References

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 Release Notes
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 Release Notes

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0200, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Enterprise Server by Github

Enterprise Server by Github

Enterprise Server by Github

Enterprise Server by Github

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Organization Owner Access

Enhanced Monitoring

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities