CVE-2024-10007

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.15 GitHub Enterprise Server version 3.14.2 and earlier GitHub Enterprise Server versions prior to 3.14.3 GitHub Enterprise Server versions prior to 3.13.6 GitHub Enterprise Server versions prior to 3.12.11 GitHub Enterprise Server versions prior to 3.11.17

Description: A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server, allowing container escape to escalate to root via the ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This issue can lead to privilege escalation to root.

Recommendations: For GitHub Enterprise Server versions prior to 3.15, update to version 3.14.3 or later. For GitHub Enterprise Server versions prior to 3.14.3, update to version 3.14.3. For GitHub Enterprise Server versions prior to 3.13.6, update to version 3.13.6 or later. For GitHub Enterprise Server versions prior to 3.12.11, update to version 3.12.11 or later. For GitHub Enterprise Server versions prior to 3.11.17, update to version 3.11.17 or later.