PT-2024-20491 · GitHub · GitHub Enterprise Server

Inspector-Ambitious · Published 2024-03-20 · Updated 2025-09-04 · CVE-2024-2469

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GitHub Enterprise Server versions 3.8.0 through 3.12.0

Description

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty program. Remote attacks are possible, allowing an attacker to potentially compromise the security of repositories.

Recommendations

For GitHub Enterprise Server versions 3.8.0 through 3.8.16, update to version 3.8.17.
For GitHub Enterprise Server versions 3.9.0 through 3.9.11, update to version 3.9.12.
For GitHub Enterprise Server versions 3.10.0 through 3.10.8, update to version 3.10.9.
For GitHub Enterprise Server versions 3.11.0 through 3.11.6, update to version 3.11.7.
For GitHub Enterprise Server version 3.12.0, update to version 3.12.1.

Fix

RCE

Related Identifiers

CVE-2024-2469

Affected Products

GitHub Enterprise Server