PT-2024-39274 · Github · Github Enterprise Server
Ahacker1 · Published 2024-11-07 · Updated 2025-08-27
CVE-2024-8810 · CVSS v4.0 8.7 (High)
Vector: AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:C/RE:L/U:Amber
Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.14.1
GitHub Enterprise Server versions 3.13.4 and earlier
GitHub Enterprise Server versions 3.12.9 and earlier
GitHub Enterprise Server versions 3.11.15 and earlier
GitHub Enterprise Server versions 3.10.17 and earlier
Description:
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This issue was reported via the GitHub Bug Bounty program.
Recommendations:
For GitHub Enterprise Server versions prior to 3.14.1, update to version 3.14.1 or later.
For GitHub Enterprise Server versions prior to 3.13.4, update to version 3.13.4 or later.
For GitHub Enterprise Server versions prior to 3.12.9, update to version 3.12.9 or later.
For GitHub Enterprise Server versions prior to 3.11.15, update to version 3.11.15 or later.
For GitHub Enterprise Server versions prior to 3.10.17, update to version 3.10.17 or later.
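The permission escalation in the description and the per-branch fix table in the recommendations, as an added example that is not part of the advisory: a Python check of a GHES version string against the listed fix versions, and a diff of a GitHub App installation's admin-approved permissions against its current ones that flags any level increase (it generalizes beyond the read-to-write case the advisory names). The permission names and level strings are assumed to follow the installation permissions object of the GitHub REST API; the sample data is constructed.

```python
"""Added example (not the advisory's code): defender-side checks for CVE-2024-8810.
is_affected() applies the advisory's per-branch fix table to a GHES version string;
find_unapproved_upgrades() diffs the permissions an org admin approved for a GitHub
App installation against its current ones and flags every level increase (not only
read -> write). Permission dictionaries below are constructed sample data."""

# Fixed version per release branch, from the advisory's recommendations.
FIXED_VERSIONS = {(3, 14): (3, 14, 1), (3, 13): (3, 13, 4), (3, 12): (3, 12, 9),
                  (3, 11): (3, 11, 15), (3, 10): (3, 10, 17)}

# Permission levels in ascending order of privilege (assumed naming, following the
# strings the GitHub REST API uses for installation permissions).
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

def parse_version(text):
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected GHES version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    """True if the GHES version lies in an affected range of the advisory."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[branch]
    # Outside the table: branches older than 3.10 predate every listed fix and are
    # treated as affected; 3.15+ is not listed (assumption: the table is complete).
    return branch < (3, 10)

def find_unapproved_upgrades(approved, current):
    """Return {permission: (approved_level, current_level)} for each permission whose
    current level exceeds what the admin approved ('none' if never approved)."""
    upgrades = {}
    for name, level in current.items():
        before = approved.get(name, "none")
        if LEVELS[level] > LEVELS[before]:
            upgrades[name] = (before, level)
    return upgrades

# Constructed sample: permissions approved at install time vs. the installation now.
APPROVED = {"contents": "read", "issues": "read", "metadata": "read"}
CURRENT = {"contents": "write", "issues": "read", "metadata": "read", "members": "read"}

if __name__ == "__main__":
    print({v: is_affected(v) for v in ("3.13.3", "3.13.4", "3.14.0", "3.15.0")})
    print(find_unapproved_upgrades(APPROVED, CURRENT))
```

Run the permission diff against a saved copy of the approved permissions each time an installation's permissions change; any non-empty result is a change that did not go through an admin approval.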
Fix
Weakness Enumeration: Improper Privilege Management
Related Identifiers: CVE-2024-8810
Affected Products: Github Enterprise Server