An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
History

Tue, 17 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Github
Github enterprise Server
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*
Vendors & Products Github
Github enterprise Server

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-07-16T21:26:46.902Z

Updated: 2024-08-01T21:18:06.292Z

Reserved: 2024-05-31T15:02:06.763Z

Link: CVE-2024-5566

cve-icon Vulnrichment

Updated: 2024-08-01T21:18:06.292Z

cve-icon NVD

Status : Modified

Published: 2024-07-16T22:15:04.887

Modified: 2024-11-21T09:47:56.607

Link: CVE-2024-5566

cve-icon Redhat

No data.