An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
History

Tue, 22 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-01-16T18:51:28.374Z

Updated: 2024-10-22T15:50:55.430Z

Reserved: 2024-01-12T15:20:54.402Z

Link: CVE-2024-0507

cve-icon Vulnrichment

Updated: 2024-08-01T18:11:34.952Z

cve-icon NVD

Status : Modified

Published: 2024-01-16T19:15:08.870

Modified: 2024-11-21T08:46:45.020

Link: CVE-2024-0507

cve-icon Redhat

No data.