Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 24.04 GitHub CLI Significant File Overwrite Security Risk USN-8012-1

ubuntu
Calendar Grey February 4, 2026
Dist Ubuntu Esm H88
Security issues in GitHub CLI fixed for Ubuntu 24.04 LTS including file overwrite and token theft risks.
Several security issues were fixed in GitHub CLI.

Summary

Several security issues were fixed in GitHub CLI.

Software Description:

- gh: GitHub for the terminal

Details:

It was discovered that GitHub CLI could behave unexpectedly if users

downloaded a malicious GitHub Actions workflow artifact through gh run

download. An attacker could possibly use this issue to create or overwrite

files in unintended directories. (CVE-2024-54132)

It was discovered that GitHub CLI could behave unexpectedly when cloning

repositories containing git submodules hosted outside of GitHub.com and

ghe.com. An attacker could possibly use this issue to gather authentication

tokens. (CVE-2024-53858)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  gh                              2.45.0-1ubuntu0.3+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8012-1

CVE-2024-53858, CVE-2024-54132

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8012-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here