CVE-2024-8770

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
Configurations

Configuration 1

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.14.0:*:*:*:*:*:*:*

History

27 Sep 2024, 13:49

Type Values Removed Values Added
References () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 - () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15 - () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9 - () https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4 - () https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1 - () https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1 - Release Notes
CPE cpe:2.3:a:github:enterprise_server:3.14.0:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Github
Github enterprise Server

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal confidential user information through social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4 and 3.14.1. This vulnerability was reported through the GitHub Bug Bounty program.

23 Sep 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 21:15

Updated : 2024-09-27 13:49


NVD link : CVE-2024-8770

Mitre link : CVE-2024-8770

CVE.ORG link : CVE-2024-8770


Products Affected

github

  • enterprise_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')