Products
GitHub Enterprise Server
- before 3.14
Source
product-cna@github.com
Tags
CVE-2024-5566 details
Published : July 16, 2024, 10:15 p.m.
Last Modified : July 16, 2024, 10:15 p.m.
Last Modified : July 16, 2024, 10:15 p.m.
Description
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
CVSS Score
| 1 | 2 | 3 | 4 | 5.8 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-269 | Improper Privilege Management | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.8
Exploitability Score
1.3
Impact Score
4.0
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14 | product-cna@github.com |
| https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10 | product-cna@github.com |
| https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6 | product-cna@github.com |
| https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1 | product-cna@github.com |
| https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17 | product-cna@github.com |
This website uses the NVD API, but is not approved or certified by it.