A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
History

Tue, 17 Sep 2024 16:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Github
                                       Github enterprise Server
CPEs                                   cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
                                       cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*
Vendors & Products                     Github
                                       Github enterprise Server
Metrics                                cvssV3_1
                                       {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-07-16T21:26:57.404Z

Updated: 2024-08-01T21:25:02.739Z

Reserved: 2024-06-10T20:08:13.175Z

Link: CVE-2024-5815

Vulnrichment

Updated: 2024-08-01T21:25:02.739Z

NVD

Status: Analyzed

Published: 2024-07-16T22:15:05.490

Modified: 2024-09-17T16:26:44.973

Link: CVE-2024-5815

Redhat

No data.