@@ -16,11 +16,11 @@ def initialize(info={})
1616 super ( update_info ( info ,
1717 'Name' => "Github Enterprise Default Session Secret And Deserialization Vulnerability" ,
1818 'Description' => %q{
19- This module exploits two security issues in Github Enterprise, version 2.8. The first is
20- that the session management uses a hard-coded secret value, which can be abused to sign
21- a serialized malicious Ruby object. The second problem is due to the use of unsafe
22- deserialization, which allows the malicious Ruby object to be loaded, and results
23- in arbitrary remote code execution.
19+ This module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6.
20+ The first is that the session management uses a hard-coded secret value, which can be
21+ abused to sign a serialized malicious Ruby object. The second problem is due to the
22+ use of unsafe deserialization, which allows the malicious Ruby object to be loaded,
23+ and results in arbitrary remote code execution.
2424
2525 This exploit was tested against version 2.8.0.
2626 } ,
@@ -33,7 +33,8 @@ def initialize(info={})
3333 'References' =>
3434 [
3535 [ 'EDB' , '41616' ] ,
36- [ 'URL' , 'http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html' ]
36+ [ 'URL' , 'http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html' ] ,
37+ [ 'URL' , 'https://enterprise.github.com/releases/2.8.7/notes' ] # Patched in this version
3738 ] ,
3839 'Platform' => 'linux' ,
3940 'Targets' =>
0 commit comments