A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Github
Github enterprise Server |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-07-16T21:27:07.393Z
Updated: 2024-08-01T21:33:05.420Z
Reserved: 2024-06-25T20:18:21.890Z
Link: CVE-2024-6336
Vulnrichment
Updated: 2024-08-01T21:33:05.420Z
NVD
Status : Modified
Published: 2024-07-16T22:15:05.983
Modified: 2024-11-21T09:49:27.270
Link: CVE-2024-6336
Redhat
No data.