GitHub Enterprise Server Code Injection Vulnerability Allowing DOM Manipulation and Data Exfiltration

Vulnerability

A code injection vulnerability has been identified in GitHub Enterprise Server. The message handling function builds a DOM query selector from the identity property of a received message without sanitizing it, so an attacker who can deliver a crafted message controls which elements the selector matches. The injected selector can be used to read sensitive data out of the page by manipulating the DOM, including authentication tokens. To exploit this vulnerability, the victim must be logged into the affected GitHub Enterprise Server instance and interact with an attacker-controlled webpage that contains a hidden iframe. This issue affects all versions of GitHub Enterprise Server prior to 3.15.0 and is fixed in 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0.

Impact

Exploitation of this vulnerability allows an attacker-controlled page to read sensitive information, such as authentication tokens, out of the victim's GitHub Enterprise Server session by manipulating the Document Object Model (DOM) in the victim's browser.

Reproduction

Reproduction requires a victim with an active session on the affected GitHub Enterprise Server instance and an attacker-controlled webpage that contains a hidden iframe. Per the advisory's description, the attack delivers a message whose identity property carries selector syntax; the vulnerable message handler interpolates it into a query selector, and the resulting selector is used to locate and read sensitive DOM data, such as authentication tokens, which the attacker's page can then exfiltrate.
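The bug class described in the Vulnerability and Reproduction sections, modelled as an added example (this is not GitHub's code and does not reproduce the real handler): a postMessage-style handler that interpolates the untrusted identity field into a CSS selector, beside a hardened handler that checks the sender's origin and validates and escapes the field. The FakeDocument stand-in, the data-identity and data-token attribute names, the origins, the identifier regex and the token value are all constructed for illustration.

```javascript
// Added example, not GitHub's code: a model of the bug class described in
// the advisory. A postMessage handler interpolates the untrusted `identity`
// field of a received message into a CSS selector; the hardened handler
// beside it checks the sender's origin and validates/escapes the field.
// Element attributes, origins and the token value below are constructed.

// Stand-in for the DOM so the example runs in Node. querySelectorAll accepts a
// comma-separated list of `[attr]` / `[attr="value"]` groups, which is enough
// to show how a crafted identity changes which elements are selected.
class FakeDocument {
  constructor(elements) {
    this.elements = elements;
  }
  querySelectorAll(selector) {
    const matchers = selector.split(",").map((group) => {
      const m = /^\[([A-Za-z0-9_-]+)(?:="([^"]*)")?\]$/.exec(group.trim());
      if (!m) throw new SyntaxError(`unsupported selector: ${group}`);
      const [, attr, value] = m;
      return (el) => attr in el.attrs && (value === undefined || el.attrs[attr] === value);
    });
    return this.elements.filter((el) => matchers.some((match) => match(el)));
  }
}

const fakeDocument = new FakeDocument([
  { attrs: { "data-identity": "user-42" }, textContent: "public profile card" },
  // Constructed token-bearing element; the attacker does not need to know its value.
  { attrs: { "data-token": "" }, textContent: "ghs_CONSTRUCTED_EXAMPLE_TOKEN" },
]);

// Vulnerable pattern: no origin check, and `identity` reaches the selector verbatim.
function handleMessageUnsafe(doc, event) {
  const selector = `[data-identity="${event.data.identity}"]`;
  return doc.querySelectorAll(selector).map((el) => el.textContent);
}

const TRUSTED_ORIGINS = ["https://ghes.example.internal"]; // assumed instance origin
const IDENTITY_RE = /^[A-Za-z0-9_-]{1,64}$/;                // assumed identifier shape

// In a browser, CSS.escape() is the right escaper; Node has no CSS global, so
// fall back to backslash-escaping everything outside the identifier alphabet.
function cssEscape(value) {
  if (typeof CSS !== "undefined" && typeof CSS.escape === "function") return CSS.escape(value);
  return value.replace(/[^A-Za-z0-9_-]/g, (c) => `\\${c}`);
}

// Hardened pattern: drop messages from untrusted origins, reject identities
// that are not plain identifiers, and escape before interpolating anyway.
function handleMessageSafe(doc, event, trustedOrigins = TRUSTED_ORIGINS) {
  if (!trustedOrigins.includes(event.origin)) return null;
  const identity = event.data && event.data.identity;
  if (typeof identity !== "string" || !IDENTITY_RE.test(identity)) return null;
  const selector = `[data-identity="${cssEscape(identity)}"]`;
  return doc.querySelectorAll(selector).map((el) => el.textContent);
}

// Crafted message: closes the attribute selector, appends a group matching
// the token element, and re-opens an attribute so the trailing `"]` still parses.
const maliciousEvent = {
  origin: "https://attacker.example",
  data: { identity: 'nope"], [data-token], [x="' },
};
const benignEvent = {
  origin: "https://ghes.example.internal",
  data: { identity: "user-42" },
};

console.log("unsafe, crafted:", handleMessageUnsafe(fakeDocument, maliciousEvent));
console.log("safe, crafted:  ", handleMessageSafe(fakeDocument, maliciousEvent));
console.log("safe, benign:   ", handleMessageSafe(fakeDocument, benignEvent));
```

The crafted identity turns the intended selector `[data-identity="..."]` into `[data-identity="nope"], [data-token], [x=""]`, so the unsafe handler hands back the token element's text, which a real attacker page would then post back to itself. Escaping alone would defeat this payload, but the origin check is what stops the hidden-iframe delivery regardless of payload; in a real handler, also compare event.source against the frame you expect to be talking to.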

Remediation

Upgrade to the patched release for the installed line: GitHub Enterprise Server 3.11.16, 3.12.10, 3.13.5, 3.14.2, or 3.15.0, or any later release on that line.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 3.5
exploitability: 6.7
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.