An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Configurations
Configuration 1 (hide)
|
History
17 Sep 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 - Release Notes | |
References | () https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
Summary |
|
|
CPE | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* |
|
First Time |
Github
Github enterprise Server |
16 Jul 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-16 22:15
Updated : 2024-09-17 16:30
NVD link : CVE-2024-6395
Mitre link : CVE-2024-6395
CVE.ORG link : CVE-2024-6395
JSON object : View
Products Affected
github
- enterprise_server
CWE