CVE-2024-5566

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.

Configurations

Configuration 1

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*

History

17 Sep 2024, 16:42

CVSS
  • Removed: v2 : unknown, v3 : 5.8
  • Added: v2 : unknown, v3 : 6.5
CWE
  • Added: NVD-CWE-noinfo
First Time
  • Added: Github
  • Added: Github enterprise Server
CPE
  • Added: cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
  • Added: cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*
Summary
  • Added: (es) An improper privilege management vulnerability allowed users to migrate private repositories without having the appropriate scopes defined on the related personal access token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14 and 3.9.17.
References
  • Added: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14 - Release Notes
  • Added: https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10 - Release Notes
  • Added: https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 - Release Notes
  • Added: https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 - Release Notes
  • Added: https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 - Release Notes

16 Jul 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-16 22:15

Updated : 2024-09-17 16:42


NVD link : CVE-2024-5566

Mitre link : CVE-2024-5566

CVE.ORG link : CVE-2024-5566



Products Affected

github

  • enterprise_server

CWE

NVD-CWE-noinfo
CWE-269: Improper Privilege Management