A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Configurations
Configuration 1 (hide)
|
History
17 Sep 2024, 15:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
|
First Time |
Github
Github enterprise Server |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 - Release Notes | |
Summary |
|
16 Jul 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-16 22:15
Updated : 2024-09-17 15:23
NVD link : CVE-2024-6336
Mitre link : CVE-2024-6336
CVE.ORG link : CVE-2024-6336
JSON object : View
Products Affected
github
- enterprise_server
CWE