Main Vulnerability Database Vulnerabilities #VU122318

#VU122318 Information disclosure in GitHub CLI - CVE-2024-53858

Published: February 4, 2026

Vulnerability identifier: #VU122318

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green

CVE-ID: CVE-2024-53858

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GitHub CLI

Software vendor:
GitHub CLI

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application can leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. A remote attacker can trick the victim into cloning a specially crafted repository and obtain victim's authentication tokens.

Remediation

Install updates from vendor's website.

External links

https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw

#VU122318 Information disclosure in GitHub CLI - CVE-2024-53858

Description

Remediation

External links

Please verify you're human