An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-01-16T18:50:48.931Z
Updated: 2024-08-01T17:41:16.005Z
Reserved: 2024-01-02T19:47:57.924Z
Link: CVE-2024-0200
Vulnrichment
Updated: 2024-08-01T17:41:16.005Z
NVD
Status : Modified
Published: 2024-01-16T19:15:08.667
Modified: 2024-11-21T08:46:03.023
Link: CVE-2024-0200
Redhat
No data.