PT-2024-37549 · Github · Github Enterprise Server
Andrea Valenza +1
Published 2024-07-16 · Updated 2024-09-17
CVE-2024-6336
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:N/R:U/U:Amber
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.14
Description
A Security Misconfiguration issue in GitHub Enterprise Server allowed unauthorized users to access sensitive information by exploiting the organization ruleset feature. This required an organization member to change the visibility of a dependent repository from private to public. The issue was reported via the GitHub Bug Bounty program.
Recommendations
For versions prior to 3.13.1, update to version 3.13.1 or later.
For versions prior to 3.12.6, update to version 3.12.6 or later.
For versions prior to 3.11.12, update to version 3.11.12 or later.
For versions prior to 3.10.14, update to version 3.10.14 or later.
For versions prior to 3.9.17, update to version 3.9.17 or later.
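The recommendations above form a per-branch fix matrix (3.9 through 3.13), with everything before 3.14 in scope. The following script is an added example, not part of this advisory or of GitHub's tooling: it parses an installed GitHub Enterprise Server version string and reports whether it is vulnerable to CVE-2024-6336, already fixed, outside the affected range, or on a branch for which this advisory lists no patched release. The version strings in the test are constructed for illustration.

```python
"""Assess a GitHub Enterprise Server version against the CVE-2024-6336 fix matrix.

Added example; the fix matrix is copied from the Recommendations section above.
"""
import re

# Earliest patched release on each branch named in the advisory.
FIXED_BY_BRANCH = {
    (3, 13): (3, 13, 1),
    (3, 12): (3, 12, 6),
    (3, 11): (3, 11, 12),
    (3, 10): (3, 10, 14),
    (3, 9): (3, 9, 17),
}

# The advisory states that versions prior to 3.14 are affected.
FIRST_UNAFFECTED_BRANCH = (3, 14)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable (int, int, int) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def _fmt(v):
    return ".".join(str(n) for n in v)


def assess(version_text):
    """Return (status, advice) for an installed GHES version.

    status is one of: 'not affected', 'fixed', 'vulnerable',
    'affected, no listed fix'.
    """
    version = parse_version(version_text)
    branch = version[:2]

    # 3.14 and later are outside the affected range.
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return ("not affected", "no action required for CVE-2024-6336")

    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        # Older than 3.9: still 'prior to 3.14', but no patched release is
        # listed for this branch, so the only remedy is a branch upgrade.
        return (
            "affected, no listed fix",
            f"branch {_fmt(branch)} has no patched release in this advisory; "
            f"upgrade to a supported branch (at least {_fmt(FIXED_BY_BRANCH[(3, 9)])})",
        )

    if version >= fixed:
        return ("fixed", f"{_fmt(version)} includes the fix ({_fmt(fixed)} or later)")

    return ("vulnerable", f"update to {_fmt(fixed)} or later")


if __name__ == "__main__":
    # Constructed sample inventory, one version per line as an asset list might hold it.
    inventory = ["3.13.0", "3.13.1", "3.12.5", "3.11.12", "3.8.3", "3.14.0"]
    for v in inventory:
        status, advice = assess(v)
        print(f"{v:>8}  {status:<24}  {advice}")
```

Run it as a script to print a per-host table, or import `assess` into an inventory check. Comparing tuples rather than strings is what makes "3.10.14" sort correctly above "3.10.9"; a plain string comparison would misclassify it.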
Fix
Information Disclosure
Affected Products
Github Enterprise Server