PT-2024-21917 · GitHub · GitHub Enterprise Server

Adrianoapj · Published 2024-03-20 · Updated 2024-03-26 · CVE-2024-2748

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GitHub Enterprise Server version 3.12.0

Description

A Cross Site Request Forgery issue was identified that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user, with the mitigating factor that user interaction is required. This issue was reported via the GitHub Bug Bounty program.

Recommendations

For GitHub Enterprise Server version 3.12.0, update to version 3.12.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-2748

Affected Products

GitHub Enterprise Server