Fluid Attacks Database

Description

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gh	=2.23.0+dfsg1-1 \|\| =2.24.3+dfsg1-1 \|\| =2.27.0+dfsg1-1 \|\| =2.30.0-1 \|\| =2.30.0-2 \|\| =2.35.0-1 \|\| =2.40.1+dfsg1-1 \|\| =2.42.1-1 \|\| =2.43.1-1 \|\| =2.44.1-1 \|\| =2.44.1-2 \|\| =2.45.0-1 \|\| =2.46.0-1 \|\| =2.46.0-2 \|\| =2.46.0-3 \|\| =2.46.0-4	-
debian 13	gh	>=0 <2.46.0-3	2.46.0-3
go	github.com/cli/cli/v2	>=0 <2.63.0	2.63.0
go	github.com/cli/cli	-	-

Aliases

1. CVE-2024-538582. NVD-2024-538583. OSV-DEBIAN-2024-538584. OSV-2024-538585. OSV-GO-2024-32966. GHSA-jwcm-9g39-pmcw7. GCVE-2024-538588. SECURITY-TRACKER-CVE-2024-538589. GHSA-jwcm-9g39-pmcw

References

1. https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw2. https://git-scm.com/docs/gitcredentials