PT-2024-6118 · Github · Github Enterprise Server
Ahacker1 · Published 2024-08-20 · Updated 2024-09-27
CVE-2024-7711
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.14
The fix is included in GitHub Enterprise Server 3.13.3, 3.12.8 and 3.11.14; these releases are not vulnerable, but earlier releases in those branches are affected.
Description
An Incorrect Authorization issue was identified that allowed an attacker to update the title, assignees and labels of any issue inside a public repository, without holding the permissions normally required for that action. The issue was only exploitable inside a public repository and was reported via the GitHub Bug Bounty program.
Recommendations
For GitHub Enterprise Server versions prior to 3.14, update to version 3.13.3, 3.12.8 or 3.11.14 (whichever matches your release branch) to resolve the issue.
As a temporary workaround, consider restricting access to public repositories until the patch is applied.
Until the update is installed, treat issue titles, assignees and labels in public repositories as untrusted metadata, since they could have been modified by an unauthorized user.
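Added example (not part of this advisory or of GitHub's own tooling): a small Python helper that encodes the affected and fixed versions listed above, so an administrator can triage a fleet of instances by version string. It assumes the three-component `major.minor.patch` form GHES uses; the version strings fed to it at the bottom are constructed for illustration.

```python
"""Triage GitHub Enterprise Server versions against CVE-2024-7711.

Rules taken from the advisory:
  * 3.14 and later were never affected;
  * 3.13.3, 3.12.8 and 3.11.14 contain the fix for their branch;
  * anything earlier, including branches older than 3.11 that received
    no fixed release, is affected.
"""
from __future__ import annotations

# Lowest fixed patch level per 3.x minor branch (from the advisory).
FIXED_PATCH: dict[int, int] = {13: 3, 12: 8, 11: 14}
FIRST_UNAFFECTED_MINOR = 14  # 3.14.x and later do not contain the bug


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into integers; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected GHES version format: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(version: str) -> bool:
    """Return True if this GHES version is vulnerable to CVE-2024-7711."""
    major, minor, patch = parse_version(version)
    if major > 3 or (major == 3 and minor >= FIRST_UNAFFECTED_MINOR):
        return False  # 3.14 or newer: never affected
    if major < 3:
        return True  # everything before 3.x predates the fix
    fixed = FIXED_PATCH.get(minor)
    if fixed is None:
        return True  # 3.x branch with no fixed release (e.g. 3.10)
    return patch < fixed  # fixed at or above the branch's patch level


def recommended_fix(version: str) -> str | None:
    """Suggest the advisory's fixed release for an affected version.

    Returns None when the version is not affected. For a branch that
    received no fix, the oldest fixed release (3.11.14) is suggested as
    the smallest upgrade step; choosing a newer branch is equally valid.
    """
    if not is_affected(version):
        return None
    major, minor, _ = parse_version(version)
    if major == 3 and minor in FIXED_PATCH:
        return f"3.{minor}.{FIXED_PATCH[minor]}"
    return "3.11.14"


def triage(versions: list[str]) -> dict[str, str]:
    """Map each version string to 'ok' or 'upgrade to <release>'."""
    report: dict[str, str] = {}
    for v in versions:
        target = recommended_fix(v)
        report[v] = "ok" if target is None else f"upgrade to {target}"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real instances.
    inventory = ["3.13.2", "3.13.3", "3.12.7", "3.11.14", "3.10.5", "3.14.0"]
    for version, verdict in triage(inventory).items():
        print(f"{version:>8}  {verdict}")
```

The per-branch table is the part worth getting right: a naive "less than 3.13.3" comparison would wrongly flag 3.12.8 and 3.11.14 as vulnerable, and a naive "less than 3.11.14" comparison would wrongly clear 3.12.0 through 3.12.7.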
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Github Enterprise Server