119 matches found
CVE-2024-54132 GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...
GitHub CLI path traversal vulnerability
GitHub CLI is GitHub's open-source command-line tool. A path traversal vulnerability exists in GitHub CLI version 2.63.0 and earlier, which stems from the possibility that files may be created or overwritten in unintended directories when a user downloads a malicious GitHub...
PT-2024-9531
Name of the Vulnerable Software and Affected Versions: GitHub CLI versions prior to 2.63.1 Description: A security issue has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run...
Ubuntu: Security Advisory (USN-7130-1)
The remote host is missing an update for the...
AZL-53759 CVE-2024-53858 affecting package gh for versions less than 2.13.0-24
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
DEBIAN-CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
UBUNTU-CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
GHSA-JWCM-9G39-PMCW Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Summary: A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. Details: This vulnerability stems from several gh commands used to clone a repository with...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
CVE-2024-53858
CVE-2024-53858 affects the gh CLI (GitHub CLI) and can leak authentication tokens when cloning repositories that contain git submodules hosted outside GitHub.com/ghe.com. The root cause is that certain gh commands (e.g., gh repo clone, gh repo fork, gh pr checkout) invoke git in a way that retrie...
CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
GitHub CLI information disclosure vulnerability
GitHub CLI is GitHub's open-source command-line tool. An information disclosure vulnerability exists in GitHub CLI versions prior to 2.63.0, which stems from the possibility of disclosing authentication tokens...
PT-2024-35955
Name of the Vulnerable Software and Affected Versions: GitHub CLI versions prior to 2.63.0 Description: A security issue has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This...
USN-7130-1 gh vulnerability
It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...
USN-7130-1: GitHub CLI vulnerability
It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...
Ubuntu 24.04 LTS / 24.10 : GitHub CLI vulnerability (USN-7130-1)
The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7130-1 advisory. It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if t...
Vulnerability fixed in GitHub CLI
GitHub has fixed a vulnerability in GitHub CLI, specifically in versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...
AZL-53217 CVE-2024-52308 affecting package gh for versions less than 2.62.0-1
GitHub CLI versions 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using the gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...