CVE-2024-53859

{"id": "CVE-2024-53859", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-27T22:15:05.673", "references": [{"url": "https://docs.github.com/en/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps#reviewing-your-authorized-github-apps", "tags": ["Technical Description"], "source": "security-advisories@github.com"}, {"url": "https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log", "tags": ["Technical Description"], "source": "security-advisories@github.com"}, {"url": "https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token", "tags": ["Technical Description"], "source": "security-advisories@github.com"}, {"url": "https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens", "tags": ["Technical Description"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cli/go-gh/blob/71770357e0cb12867d3e3e288854c0aa09d440b7/pkg/auth/auth.go#L73-L77", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cli/go-gh/security/advisories/GHSA-55v3-xh23-96gh", "tags": ["Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` sources authentication tokens from different environment variables depending on the host involved: 1. `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com and 2. `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server. Prior to version `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when within a codespace. In version `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts. Successful exploitation could send authentication token to an unintended host. This issue has been addressed in version 2.11.1 and all users are advised to upgrade. Users are also advised to regenerate authentication tokens and to review their personal security log and any relevant audit logs for actions associated with their account or enterprise."}, {"lang": "es", "value": "go-gh es un m\u00f3dulo Go para interactuar con la utilidad `gh` y la API de GitHub desde la l\u00ednea de comandos. Se ha identificado una vulnerabilidad de seguridad en `go-gh` que podr\u00eda filtrar tokens de autenticaci\u00f3n destinados a hosts de GitHub a hosts que no sean de GitHub cuando se est\u00e1 dentro de un espacio de c\u00f3digo. `go-gh` obtiene tokens de autenticaci\u00f3n de diferentes variables de entorno seg\u00fan el host involucrado: 1. `GITHUB_TOKEN`, `GH_TOKEN` para GitHub.com y ghe.com y 2. `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` para GitHub Enterprise Server. Antes de la versi\u00f3n `2.11.1`, `auth.TokenForHost` pod\u00eda obtener un token de la variable de entorno `GITHUB_TOKEN` para un host que no fuera GitHub.com o ghe.com cuando se estaba dentro de un espacio de c\u00f3digo. En la versi\u00f3n `2.11.1`, `auth.TokenForHost` solo obtendr\u00e1 un token de la variable de entorno `GITHUB_TOKEN` para los hosts de GitHub.com o ghe.com. Una explotaci\u00f3n exitosa podr\u00eda enviar el token de autenticaci\u00f3n a un host no deseado. Este problema se ha solucionado en la versi\u00f3n 2.11.1 y se recomienda a todos los usuarios que actualicen. Tambi\u00e9n se recomienda a los usuarios que vuelvan a generar los tokens de autenticaci\u00f3n y que revisen su registro de seguridad personal y cualquier registro de auditor\u00eda relevante para las acciones asociadas con su cuenta o empresa."}], "lastModified": "2025-09-22T18:16:50.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cli:go-gh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C600E771-AB51-4460-859E-A7640C79FA64", "versionEndExcluding": "2.11.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}