CVE-2024-3684 in GitHubinfo

Summary

by MITRE • 04/19/2024

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/02/2025

This server-side request forgery vulnerability in GitHub Enterprise Server represents a critical privilege escalation flaw that demonstrates how insufficient input validation can lead to administrative access compromise. The vulnerability specifically targeted the Management Console configuration interfaces for Artifacts & Logs and Migrations Storage, where attackers with merely editor privileges could manipulate request parameters to bypass authentication mechanisms. The flaw exploited the lack of proper validation for remote resource references during storage configuration processes, allowing malicious actors to redirect requests to internal system endpoints that should have been restricted to administrators only. This type of vulnerability falls under CWE-918, which specifically addresses server-side request forgery conditions where applications fail to properly validate and sanitize user-supplied input that influences HTTP requests.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it fundamentally undermines the security model of GitHub Enterprise Server by enabling unauthorized access to critical system functions. Attackers could leverage this weakness to gain full administrative control over the appliance, potentially leading to data exfiltration, system compromise, and complete control over the organization's code repositories and CI/CD pipelines. The vulnerability required specific preconditions including access to the target instance and an existing editor role within the Management Console, making it somewhat more difficult to exploit but still highly dangerous given the potential for lateral movement and persistence within the environment. The affected versions spanned multiple release branches, indicating this was a widespread issue that required coordinated patching across different maintenance channels.

Security practitioners should prioritize immediate remediation of this vulnerability through the deployment of the patched versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13 as recommended by GitHub. Organizations should also implement network segmentation and access controls to limit Management Console access to only trusted personnel with legitimate administrative needs. The vulnerability's exploitation aligns with ATT&CK technique T1078.004 which covers valid accounts with administrative privileges, as the flaw essentially allowed attackers to escalate from editor to administrator roles without requiring additional credentials. Monitoring for unusual configuration changes in the Artifacts & Logs and Migrations Storage sections of the Management Console should be implemented as part of defensive measures, particularly focusing on requests that may attempt to access internal network resources or modify system-level settings that should be restricted to administrators only.

Sources

Do you know our Splunk app?

Download it now for free!