An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
23 Jan 2024, 19:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
16 Jan 2024, 23:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 19:15
Updated : 2024-11-21 08:46
NVD link : CVE-2024-0507
Mitre link : CVE-2024-0507
CVE.ORG link : CVE-2024-0507
JSON object : View
Products Affected
github
- enterprise_server