CVE-2024-1908 in GitHubالمعلومات

الملخص

بحسب MITRE • 21/03/2024

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub, Inc. (Products Only)

حجز

26/02/2024

إفشاء

21/03/2024

الاعتدال

تمت الموافقة

إدخال

VDB-255307

CPE

جاهز

CWE

CWE-269 (مؤكد)

CVSS

6.5 (NVD)

EPSS

0.00606

KEV

لا

النشاطات

منخفض جدًا

القطاع

Finance, Pharma, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-1908
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-1908
CVE Details	https://www.cvedetails.com/cve/CVE-2024-1908/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!