PT-2024-7926 · GitHub · GitHub Enterprise Server

Published

2024-11-07

·

Updated

2025-08-27

·

CVE-2024-10824

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

GitHub Enterprise Server versions 3.13.0 through 3.13.1
GitHub Enterprise Server versions prior to 3.13.2

Description

An authorization bypass (missing authorization check) in GitHub Enterprise Server lets authenticated internal users who are not business owners read secret scanning alert data that is meant to be visible only to business owners. The attacker needs no elevated role: an organization member holding a personal access token (PAT) can exploit the flaw when secret scanning is enabled on user-owned repositories. The CVSS vector reflects this: remote, low complexity, single authentication (Au:S), with a complete confidentiality impact and no integrity or availability impact.

Recommendations

Update GitHub Enterprise Server to version 3.13.2 or later. This covers both affected ranges listed above: the 3.13.0 and 3.13.1 releases and all earlier versions. Until the update is applied, a temporary workaround is to disable secret scanning on user-owned repositories, which removes the precondition for the attack; note that this also stops alerting on leaked credentials in those repositories, so treat it as a short-term measure and re-enable scanning after upgrading.
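The following script is an added example for this advisory; it is not code from the page, from Positive Technologies or from GitHub. It gives an administrator two checks that follow from the description and recommendations above: whether the installed GitHub Enterprise Server release is earlier than the fixed version 3.13.2, and how to read the HTTP status returned when a token that is not a business (enterprise) owner requests the enterprise-wide secret scanning alerts. A 200 for such a token is the symptom the advisory describes; 403 or 404 is the expected result once fixed. The REST routes used are GitHub's documented GET /meta (which on GHES reports installed_version) and GET /enterprises/{enterprise}/secret-scanning/alerts; the environment variable names GHES_URL, GHES_ENTERPRISE_SLUG and GHES_MEMBER_PAT are assumptions chosen for this example.

```python
"""Pre/post-upgrade checks for CVE-2024-10824 (added example, not GitHub's code).

Assumptions not taken from the advisory: the environment variable names below
and the enterprise slug are placeholders for this example.
"""
import json
import os
import re
import sys
import urllib.error
import urllib.request

FIXED_VERSION = (3, 13, 2)  # first fixed release named in the advisory


def parse_version(text: str) -> tuple:
    """'3.13.1' -> (3, 13, 1); tolerates suffixes such as '3.13.2.0' or '3.13.2-rc1'."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def is_vulnerable_version(installed: str) -> bool:
    """True for any release earlier than 3.13.2 (the advisory's 'prior to 3.13.2' range)."""
    return parse_version(installed) < FIXED_VERSION


def classify_probe(status: int, is_business_owner: bool) -> str:
    """Interpret the status of GET /enterprises/{slug}/secret-scanning/alerts.

    The caller states whether the token belongs to a business (enterprise) owner;
    only owners are supposed to receive alert data from this route.
    """
    if status == 401:
        return "INCONCLUSIVE: token rejected (401), check the PAT"
    if is_business_owner:
        if status == 200:
            return "OK: owner token can read alerts, as intended"
        return "INCONCLUSIVE: owner token got %d, check slug and token scopes" % status
    if status == 200:
        return "VULNERABLE: non-owner token can read enterprise secret scanning alerts"
    if status in (403, 404):
        return "OK: non-owner token denied with %d" % status
    return "INCONCLUSIVE: unexpected status %d for non-owner token" % status


def ghes_get(base_url: str, path: str, token: str) -> tuple:
    """GET an /api/v3 route on a GHES host; returns (status, parsed JSON or None)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v3" + path,
        headers={"Authorization": "Bearer " + token,
                 "Accept": "application/vnd.github+json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def main() -> int:
    base = os.environ["GHES_URL"]              # e.g. https://ghes.example.internal (assumed name)
    slug = os.environ["GHES_ENTERPRISE_SLUG"]  # enterprise account slug on the instance (assumed name)
    token = os.environ["GHES_MEMBER_PAT"]      # PAT of an org member who is NOT a business owner

    # Check 1: installed release versus the fixed version.
    _, meta = ghes_get(base, "/meta", token)
    installed = (meta or {}).get("installed_version")
    if installed:
        verdict = ("in vulnerable range, update to 3.13.2 or later"
                   if is_vulnerable_version(installed) else "at or after 3.13.2")
        print("installed_version: %s (%s)" % (installed, verdict))
    else:
        print("installed_version: not reported by /meta")

    # Check 2: does a non-owner token get alert data it should never see?
    status, _ = ghes_get(base, "/enterprises/%s/secret-scanning/alerts" % slug, token)
    probe = classify_probe(status, is_business_owner=False)
    print("probe:", probe)
    return 1 if probe.startswith("VULNERABLE") else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it once with a member PAT before the upgrade and once after: the exit status is 1 while the non-owner token still receives alert data and 0 once the route denies it. Run the same probe with a business owner's token (passing is_business_owner=True) to confirm the owner path still works after the upgrade.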

Fix

Update to GitHub Enterprise Server 3.13.2 or later (see Recommendations).

Weakness Enumeration

Missing Authorization (CWE-862)

Related Identifiers

BDU:2024-09430
CVE-2024-10824

Affected Products

GitHub Enterprise Server