CVE-2024-2443

9.1 CRITICAL

📋 TL;DR

A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary commands and gain admin SSH access to the appliance. This affects all GitHub Enterprise Server versions prior to 3.13. Exploitation requires authenticated access to the Management Console with editor privileges.

💻 Affected Systems

Products:
  • GitHub Enterprise Server
Versions: All versions prior to 3.13
Operating Systems: GitHub Enterprise Server appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default configurations when GeoJSON settings are configured via Management Console.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the GitHub Enterprise Server appliance with admin SSH access, allowing data exfiltration, system modification, and lateral movement within the environment.

🟠 Likely Case

Privilege escalation from editor to admin role, enabling unauthorized access to sensitive repositories, user data, and system configuration.

🟢 If Mitigated

Limited impact if proper access controls restrict Management Console access and network segmentation isolates the appliance.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires authenticated access, internet-facing instances with exposed Management Console increase attack surface.
🏢 Internal Only: HIGH - Internal attackers with editor privileges can exploit this to gain full administrative control of the appliance.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to Management Console with editor role. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.17, 3.9.12, 3.10.9, 3.11.7, 3.12.1, or 3.13+

Vendor Advisory: https://docs.github.com/en/enterprise-server/admin/release-notes

Restart Required: Yes

Instructions:

1. Back up your GitHub Enterprise Server instance.
2. Download the appropriate patch version from GitHub Enterprise downloads.
3. Follow the upgrade instructions for your version.
4. Restart the appliance after upgrade completion.

🔧 Temporary Workarounds

Restrict Management Console Access

all

Limit access to Management Console to only trusted administrators with minimal privileges.

Network Segmentation

all

Isolate GitHub Enterprise Server appliance from other critical systems to limit lateral movement potential.

🧯 If You Can't Patch

  • Immediately restrict Management Console access to only essential administrators
  • Implement strict monitoring and alerting for any Management Console access and SSH authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check current version via Management Console or SSH: ghe-version

Check Version:

ssh admin@your-ghe-instance 'ghe-version'

Verify Fix Applied:

Verify version is 3.8.17, 3.9.12, 3.10.9, 3.11.7, 3.12.1, or 3.13+ using ghe-version command
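
The version check above as a script, added here as an example (not code from GitHub or from this advisory): it compares a version string against the per-series fixed releases listed on this page. The function names are hypothetical, and because the exact ghe-version output format is an assumption, the script uses the first X.Y.Z token it finds.

```shell
#!/bin/sh
# Added example: classify a GitHub Enterprise Server version against the
# fixed releases listed on this page for CVE-2024-2443.
# Function names are hypothetical; the exact `ghe-version` output format is an
# assumption, so the first X.Y.Z token found in the text is used.

# Print the first X.Y.Z token in the argument, or nothing if none is found.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print the minimum fixed patch level for a 3.x feature series, per the page.
min_fixed_patch() {
    case "$1" in
        8)  echo 17 ;;
        9)  echo 12 ;;
        10) echo 9 ;;
        11) echo 7 ;;
        12) echo 1 ;;
        *)  echo "" ;;
    esac
}

# Print "fixed", "vulnerable" or "unknown" for a version string.
cve_2024_2443_status() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # 3.13 and later carry the fix (a later major is assumed to as well).
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 13 ]; }; then
        echo fixed; return 0
    fi
    # Older majors, and 3.x series with no fixed release listed on the page.
    floor=$(min_fixed_patch "$minor")
    if [ "$major" -lt 3 ] || [ -z "$floor" ]; then
        echo vulnerable; return 0
    fi
    if [ "$patch" -ge "$floor" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample inputs (not real appliance output).
for sample in "3.10.8" "3.10.9" "3.7.19" "3.13.0" "release 3.12.0 build"; do
    printf '%s -> %s\n' "$sample" "$(cve_2024_2443_status "$sample")"
done
```

To check a live instance, pass the output of the command from "Check Version" to the function: cve_2024_2443_status "$(ssh admin@your-ghe-instance 'ghe-version')".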

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSH authentication attempts from Management Console IPs
  • Suspicious command execution in system logs
  • Unexpected admin role changes

Network Indicators:

  • SSH connections originating from Management Console subnet to unexpected destinations
  • Unusual outbound connections from GitHub appliance

SIEM Query:

source="github-enterprise" AND (event="ssh_auth" OR event="command_execution") AND user_role="admin" AND src_ip IN [management_console_ips]
