PT-2024-26117 · Github · Github Enterprise Server
Ali Kalout
Published 2024-04-19 · Updated 2025-09-02
CVE-2024-3470
CVSS v3.1: 7.2 (High)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions 3.11 through 3.12
Description
An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would need access to a valid deploy key for a repository in the organization and repository administrator access. This issue was reported via the GitHub Bug Bounty program.
Recommendations
For GitHub Enterprise Server versions 3.11 through 3.11.7, update to version 3.11.8 to resolve the issue.
For GitHub Enterprise Server versions 3.12 through 3.12.1, update to version 3.12.2 to resolve the issue.
Weakness Enumeration
Improper Privilege Management
Related Identifiers
CVE-2024-3470
Affected Products
Github Enterprise Server