CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program.

Configurations

Configuration 1

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

27 Sep 2024, 18:17

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 4.3 |
| First Time | | Github; Github enterprise Server |
| CPE | | `cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*` |
| References | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 - Release Notes, Vendor Advisory |
| References | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 - Release Notes, Vendor Advisory |
| References | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 - Release Notes, Vendor Advisory |

21 Aug 2024, 12:30

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-08-20 20:15

Updated : 2024-09-27 18:17


NVD link : CVE-2024-7711

Mitre link : CVE-2024-7711

CVE.ORG link : CVE-2024-7711


Products Affected

github

  • enterprise_server

CWE

CWE-863

Incorrect Authorization