An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Github
Github enterprise Server |
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-07-16T21:26:46.902Z
Updated: 2024-08-01T21:18:06.292Z
Reserved: 2024-05-31T15:02:06.763Z
Link: CVE-2024-5566
Vulnrichment
Updated: 2024-08-01T21:18:06.292Z
NVD
Status : Modified
Published: 2024-07-16T22:15:04.887
Modified: 2024-11-21T09:47:56.607
Link: CVE-2024-5566
Redhat
No data.