Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12  and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
History

Thu, 17 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Github
Github enterprise Server
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Vendors & Products Github
Github enterprise Server

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-02-13T18:44:05.830Z

Updated: 2024-08-01T18:26:30.428Z

Reserved: 2024-01-30T19:51:33.108Z

Link: CVE-2024-1084

cve-icon Vulnrichment

Updated: 2024-08-01T18:26:30.428Z

cve-icon NVD

Status : Modified

Published: 2024-02-13T19:15:09.053

Modified: 2024-11-21T08:49:45.727

Link: CVE-2024-1084

cve-icon Redhat

No data.