A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Github
Github enterprise Server |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-07-16T21:26:57.404Z
Updated: 2024-08-01T21:25:02.739Z
Reserved: 2024-06-10T20:08:13.175Z
Link: CVE-2024-5815
Vulnrichment
Updated: 2024-08-01T21:25:02.739Z
NVD
Status : Analyzed
Published: 2024-07-16T22:15:05.490
Modified: 2024-09-17T16:26:44.973
Link: CVE-2024-5815
Redhat
No data.