Severity
High
Analysis Summary
CVE-2024-39700 CVSS:9.9
JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created from this template with the `test` option include an `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml` should accept the overwriting of this file and re-apply their changes afterwards. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users, as actions may run using the version from the `main` branch at the time the pull request was created. Users who are upgrading from template version prior to 4.3.
CVE-2024-41127 CVSS:8.3
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-request write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it downloads an artifact uploaded by the triggering workflow and assigns the contents of the ./pr_num/pr_num.txt artifact file to the steps.pr_num_reader.outputs.content workflow variable. The variable is not validated to actually be a number, and it is later interpolated into a JS script, allowing an attacker to change the code that is executed. This issue leads to pull-request write access. This vulnerability is fixed in 24.30.0.
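The Monkeytype issue is the general workflow_run pattern of splicing artifact content from an untrusted run into a script with `${{ }}`. The fragment below is an added illustration, not Monkeytype's actual workflow (whose exact contents are not reproduced here): it shows the weak step shape beside a hardened one in which the PR number is validated as digits only and is passed to actions/github-script through an environment variable so the script treats it as data. The workflow name "Monkey CI", the artifact name and the file path are taken from the description above; everything else is assumed.

```yaml
# Illustrative workflow, assumed for this example; not Monkeytype's actual file.
name: ci-failure-comment
on:
  workflow_run:
    workflows: ["Monkey CI"]
    types: [completed]

permissions:
  pull-requests: write

jobs:
  comment:
    if: github.event.workflow_run.conclusion == 'failure'
    runs-on: ubuntu-latest
    steps:
      # The artifact was produced by the run the (untrusted) pull request triggered.
      - uses: actions/download-artifact@v4
        with:
          name: pr_num
          path: pr_num
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      # WEAK (kept commented out for contrast): ${{ }} expands the file content into
      # the script source before it is parsed, so a non-numeric value becomes code
      # that runs with this workflow's pull-requests: write token.
      #   - id: pr_num_reader
      #     run: echo "content=$(cat pr_num/pr_num.txt)" >> "$GITHUB_OUTPUT"
      #   - uses: actions/github-script@v7
      #     with:
      #       script: |
      #         const prNumber = ${{ steps.pr_num_reader.outputs.content }};
      # HARDENED: accept only a run of digits, then hand the value over through an
      # environment variable so the script reads it as data rather than as source.
      - id: pr_num_checked
        run: |
          num="$(tr -d '[:space:]' < pr_num/pr_num.txt)"
          case "$num" in
            ''|*[!0-9]*) echo "pr_num.txt is not a PR number" >&2; exit 1 ;;
          esac
          echo "content=$num" >> "$GITHUB_OUTPUT"
      - uses: actions/github-script@v7
        env:
          PR_NUMBER: ${{ steps.pr_num_checked.outputs.content }}
        with:
          script: |
            const prNumber = Number(process.env.PR_NUMBER);
            await github.rest.issues.createComment({
              owner: context.repo.owner, repo: context.repo.repo,
              issue_number: prNumber, body: "Monkey CI failed for this PR.",
            });
```

The digit check is what removes the injection; cross-checking the number against `github.event.workflow_run.pull_requests` additionally stops a PR run from pointing the comment at a different pull request.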
CVE-2024-6800 CVSS:9
GitHub Enterprise Server could allow a remote attacker to bypass security restrictions, caused by a flaw when using SAML authentication with specific identity providers. By sending a specially crafted request utilizing publicly exposed signed federation metadata XML, an attacker could exploit this vulnerability to forge a SAML response to provision and/or gain access to a user with site administrator privileges.
Impact
- Security Bypass
- Code Execution
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-39700
- CVE-2024-41127
- CVE-2024-6800
Affected Vendors
Affected Products
- GitHub Enterprise Server 3.11.13
- GitHub Enterprise Server 3.12.7
- GitHub Enterprise Server 3.13.2
- jupyterlab extension-template - 4.3.3
- monkeytype - 24.30.0
Remediation
Refer to GitHub Website for patch, upgrade or suggested workaround information.