Main Vulnerability Database Vulnerabilities #VU122318

Information disclosure in GitHub CLI - CVE-2024-53858

Published: February 4, 2026

Vulnerability identifier: #VU122318

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green

CVE-ID: CVE-2024-53858

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitHub CLI

Affected software:
GitHub CLI

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application can leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. A remote attacker can trick the victim into cloning a specially crafted repository and obtain victim's authentication tokens.

How to mitigate CVE-2024-53858

Install updates from vendor's website.

Sources

https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw

Information disclosure in GitHub CLI - CVE-2024-53858

Detailed vulnerability description

How to mitigate CVE-2024-53858

Sources

Please verify you're human