A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Configurations
Configuration 1 (hide)
|
History
27 Sep 2024, 13:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1 - Release Notes | |
CPE | cpe:2.3:a:github:enterprise_server:3.14.0:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Github
Github enterprise Server |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Sep 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-23 21:15
Updated : 2024-09-27 13:49
NVD link : CVE-2024-8770
Mitre link : CVE-2024-8770
CVE.ORG link : CVE-2024-8770
JSON object : View
Products Affected
github
- enterprise_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')