An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, and 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-02-14T20:04:47.981Z
Updated: 2024-08-01T18:40:21.100Z
Reserved: 2024-02-13T20:04:24.216Z
Link: CVE-2024-1482
Vulnrichment
Updated: 2024-08-01T18:40:21.100Z
NVD
Status: Awaiting Analysis
Published: 2024-02-14T20:15:45.690
Modified: 2024-02-15T06:23:39.303
Link: CVE-2024-1482