PT-2024-37177 · GitHub · GitHub Enterprise Server
Reported by: Ahacker1
Published: 2024-07-16 · Updated: 2024-09-17
CVE ID: CVE-2024-5815
CVSS v4.0: 6.8 (Medium)
Vector: AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/S:N/AU:N/R:U/RE:L/U:Amber
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14
Description:
A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository.
Recommendations:
For versions prior to 3.9.17, update to version 3.9.17.
For versions prior to 3.10.14, update to version 3.10.14.
For versions prior to 3.11.12, update to version 3.11.12.
For versions prior to 3.12.6, update to version 3.12.6.
For versions prior to 3.13.1, update to version 3.13.1.
Tags: Fix, CSRF
Affected Products: GitHub Enterprise Server