An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
References
Configurations
Configuration 1 (hide)
|
History
23 Jan 2024, 19:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CPE | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* | |
First Time |
Github enterprise Server
Github |
|
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
16 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-16 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-0507
Mitre link : CVE-2024-0507
CVE.ORG link : CVE-2024-0507
JSON object : View
Products Affected
github
- enterprise_server