A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-04-19T17:02:29.144Z

Updated: 2024-08-01T19:11:53.576Z

Reserved: 2024-03-13T21:14:42.227Z

Link: CVE-2024-2440

cve-icon Vulnrichment

Updated: 2024-08-01T19:11:53.576Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-19T17:15:54.483

Modified: 2024-11-21T09:09:45.437

Link: CVE-2024-2440

cve-icon Redhat

No data.