Critical vulnerability discovered in GitHub CLI allows attackers to execute malicious commands

A new security vulnerability has been identified in GitHub’s Command Line Interface (CLI) that could allow attackers to achieve remote code execution (RCE) on a user’s system. This vulnerability, identified as CVE-2024-32002, affects versions of GitHub CLI prior to 2.62.0 and poses a significant risk to developers who interact with GitHub repositories and services.

The vulnerability is related to how GitHub CLI handles SSH connection details, particularly when users connect to Codespace environments. The issue is triggered when users run the gh codespace ssh or gh codespace logs commands against a malicious SSH server inside a Codespace.

An attacker could create a modified devcontainer with an SSH server that injects arbitrary SSH parameters into the connection details. When a user connects to a compromised Codespace, the attacker could manipulate the remote username to include malicious SSH arguments. For example, a crafted username containing -oProxyCommand="echo hacked" # could trigger arbitrary code execution on the user’s system.
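The weakness described above is argument injection: a value supplied by the remote side ends up on the local ssh command line. The following Go sketch is an added example, not GitHub CLI's code or its actual fix; it shows one way a client can treat the server-supplied username as untrusted. The function names, the allow-list pattern and the sample host and port are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Conservative allow-list for a POSIX-style login name (an assumption of
// this example). It cannot start with '-' and admits no spaces or quotes.
var safeUser = regexp.MustCompile(`^[a-z_][a-z0-9_-]{0,31}$`)

var ErrUnsafeUser = errors.New("remote username rejected")

// ValidateRemoteUser treats the username reported by the remote
// environment as untrusted input and rejects anything off the allow-list.
func ValidateRemoteUser(user string) error {
	if !safeUser.MatchString(user) {
		return fmt.Errorf("%w: %q", ErrUnsafeUser, user)
	}
	return nil
}

// BuildSSHArgs returns the argument vector for a local ssh client.
// Options come first, then "--" so ssh stops parsing options, then the
// destination. The slice is meant for exec without a shell in between.
func BuildSSHArgs(user, host string, port int) ([]string, error) {
	if err := ValidateRemoteUser(user); err != nil {
		return nil, err
	}
	if port < 1 || port > 65535 {
		return nil, fmt.Errorf("invalid port %d", port)
	}
	// host is assumed to be chosen by the client itself, not by the server.
	return []string{"-p", strconv.Itoa(port), "--", user + "@" + host}, nil
}

func main() {
	// Constructed inputs: a normal name and the crafted name from the text.
	for _, u := range []string{"codespace", `-oProxyCommand="echo hacked" #`} {
		args, err := BuildSSHArgs(u, "localhost", 2222)
		fmt.Printf("%q -> args=%q err=%v\n", u, args, err)
	}
}
```

The allow-list and the "--" separator are independent layers: the first rejects the crafted value outright, the second keeps a value that slips through from being parsed as an ssh option.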

If successfully exploited, this vulnerability could lead to the following consequences:

  • Unauthorized access and execution of arbitrary code on the user’s system
  • Theft of sensitive data and credentials
  • Installation of malware or backdoors
  • Additional malicious activity within the system

Since GitHub CLI is widely used among developers, this vulnerability puts a large number of users worldwide at risk.

GitHub has released version 2.62.0 to fix the vulnerability. Users are strongly advised to take the following actions:

  • Update GitHub CLI to version 2.62.0 or later immediately
  • Exercise caution when using custom devcontainer images
  • Prefer devcontainers from trusted sources
  • Be cautious when connecting to Codespaces from untrusted repositories

This vulnerability highlights the importance of securing development tools and the potential risks associated with remote development environments. As cloud-based development environments continue to grow, both tool providers and users must prioritize security and implement robust validation mechanisms to prevent similar vulnerabilities in the future.
