A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
History

Tue, 17 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Github
Github enterprise Server
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*
Vendors & Products Github
Github enterprise Server
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-07-16T21:27:07.393Z

Updated: 2024-08-01T21:33:05.420Z

Reserved: 2024-06-25T20:18:21.890Z

Link: CVE-2024-6336

cve-icon Vulnrichment

Updated: 2024-08-01T21:33:05.420Z

cve-icon NVD

Status : Modified

Published: 2024-07-16T22:15:05.983

Modified: 2024-11-21T09:49:27.270

Link: CVE-2024-6336

cve-icon Redhat

No data.