CVE-2024-0507

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
References () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 6.5

23 Jan 2024, 19:31

Type Values Removed Values Added
CWE CWE-77
References () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

16 Jan 2024, 23:12

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 19:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0507

Mitre link : CVE-2024-0507

CVE.ORG link : CVE-2024-0507


JSON object : View

Products Affected

github

  • enterprise_server
CWE
CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')