PT-2024-37179 · Github · Github Enterprise Server
Ahacker1
·
Published
2024-07-16
·
Updated
2024-09-17
·
CVE-2024-5817
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.14
Description:
An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal repositories and required the attacker to have access to the corresponding project board.
Recommendations:
For versions prior to 3.9.17, update to version 3.9.17.
For versions prior to 3.10.14, update to version 3.10.14.
For versions prior to 3.11.12, update to version 3.11.12.
For versions prior to 3.12.6, update to version 3.12.6.
For versions prior to 3.13.1, update to version 3.13.1.
As a temporary workaround, consider restricting access to GitHub Projects in internal repositories until a patch is applied.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Github Enterprise Server