An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was exploitable only in public repositories; private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, and 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.
History
Tue, 17 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Github, Github enterprise Server | |
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* | |
Vendors & Products | Github, Github enterprise Server | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-07-16T21:27:00.491Z
Updated: 2024-08-01T21:25:02.923Z
Reserved: 2024-06-10T20:14:52.022Z
Link: CVE-2024-5816
Vulnrichment
Updated: 2024-08-01T21:25:02.923Z
NVD
Status: Modified
Published: 2024-07-16T22:15:05.657
Modified: 2024-11-21T09:48:23.347
Link: CVE-2024-5816
Redhat
No data.