Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Github
Github enterprise Server |
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-02-13T18:44:05.830Z
Updated: 2024-08-01T18:26:30.428Z
Reserved: 2024-01-30T19:51:33.108Z
Link: CVE-2024-1084
Vulnrichment
Updated: 2024-08-01T18:26:30.428Z
NVD
Status : Modified
Published: 2024-02-13T19:15:09.053
Modified: 2024-11-21T08:49:45.727
Link: CVE-2024-1084
Redhat
No data.